3. Linux "Ghost" Remote Code Execution Vulnerability

Linux "Ghost" Remote Code Execution Vulnerability

On January 27, 2015, a GNU C Library (glibc) vulnerability, referred to as the GHOST vulnerability, was announced to the general public. In summary, the vulnerability allows remote attackers to take complete control of a system by exploiting a buffer overflow bug in glibc's GetHOST functions (hence the name). Like Shellshock and Heartbleed, this vulnerability is serious and affects many servers.

The GHOST vulnerability can be exploited on Linux systems that use versions of the GNU C Library prior to glibc-2.18. That is, systems that use glibc-2.2 to glibc-2.17 are at risk. Many Linux distributions including, but not limited to, the following are potentially vulnerable to GHOST and should be patched:

CentOS 6 & 7 Debian 7 Red Hat Enterprise Linux 6 & 7 Ubuntu 10.04 & 12.04 End of Life Linux Distributions It is highly recommended that you update and reboot all of your affected Linux servers. We will show you how to test if your systems are vulnerable and, if they are, how to update glibc to fix the vulnerability.

Check System Vulnerability The easiest way to test if your servers are vulnerable to GHOST is to check the version of glibc that is in use. We will cover how to do this in Ubuntu, Debian, CentOS, and RHEL.

Ubuntu & Debian Check the version glibc by looking up the version of ldd (which uses glibc) like this:

ldd --version The first line of the output will contain the version of eglibc, the variant of glibc that Ubuntu and Debian use. It might look like this, for example (the version is highlighted in this example):

ldd (Ubuntu EGLIBC 2.15-0ubuntu10.7) 2.15 Copyright (C) 2012 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Written by Roland McGrath and Ulrich Drepper. If the version of eglibc matches, or is more recent than, the ones listed here, you are safe from the GHOST vulnerability:

Ubuntu 12.04 LTS: 2.15-0ubuntu10.10 Ubuntu 10.04 LTS: 2.11.1-0ubuntu7.20 Debian 7 LTS: 2.13-38+deb7u7 If the version of eglibc is older than the ones listed here, your system is vulnerable to GHOST and should be updated.

CentOS & RHEL Check the version glibc by looking up the version of ldd (which uses glibc) like this:

ldd --version The first line of the output will contain the version of glibc. It might look like this, for example (the version is highlighted in this example):

ldd (GNU libc) 2.17 Copyright (C) 2012 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Written by Roland McGrath and Ulrich Drepper. If the version of glibc is older than 2.18, your system is vulnerable to GHOST and should be updated. If you are using 2.18 or later, you are safe from the vulnerability.

/r/programming Thread Link - us-cert.gov
Previous
Next

Recently removed from /r/programming

A Plea for Fairness for Non-profit Developers of Open Source Software TIL It takes developers 23 minutes of uninterrupted focus until they hit their “flow” state - the stage in which they do actual coding. Slack messages, fragmented meeting schedules and the need to be "available" online is hampering the possible productive gains “ChatGPT Will Replace Programmers Within 10 Years” - What do YOU, the programmer think? Docker is deleting Open Source organisations - what you need to know Disambiguating Arm, Arm ARM, Armv9, ARM9, ARM64, Aarch64, A64, A78, ... ASP.NET Core Blazor - A Complete Overview The Case for Functional CSS Why we ditched GraphQL for tRPC Single mom sues coding boot camp over job placement rates Good day. I'm writing a QUIC proxy in C. It's halfway done. It uses HTTP as protocol. Parser written, QUIC implemented through MS's library. Please star if you like. Thanks. Meta releases Sapling, a new way of using source control We’ve filed a law­suit chal­leng­ing GitHub Copi­lot, an AI prod­uct that relies on unprece­dented open-source soft­ware piracy. We Need To Talk About The Bad Sides of Go GitHub Copilot investigation Is a ‘software engineer’ an engineer? Alberta regulator says no, riling the province’s tech sector

More Random Comments

(Spoilers AFFC) Why a certain parting hit me harder than I expected ELI5: How are there different guns if all guns use the same principle to fire? How can i make this code shorter? * CMV: SJWs are a group of bullies. Racist, ignorant and hypocritical. [#TOPMOVIE!] Old Dogs (2009) Full Movie Simple to watch android iphone ipad mac pc 720p 1080p Jack Ma (CEO of Alibaba) gives the best advice on how to be successful in LIFE {#NEWHD!} Meeting Evil (2012) Watch full movie online pc mac android 1080p without membership =2015#FREE¬PutLocKeR>Watch,!"The Hunger Games: Mockingjay - Part 2" Full,,Movie,,Online,,Free,,1080p,, Newspaper draws piggy bank to show ISIS funding, Muslim groups attack it as pig is “unislamic” {#REUPLOADED!} The Phantom of the Opera (2004) Watch full movie without registering 720p 1080p Stream tablet ipad Anyone user Firefox Sync for bookmarks? Is it reliable? [US] Scooby-Doo The Mystery Machine (75902) $20.97/30% @ B&N.com [WP] You are a member of an ancient extraterrestrial race and you've just been tasked with designing the first ever human being. Why Wendy might be the bad guy this season Week 14 NCAAF Early Lines