securitybreach Posted January 28, 2015 Share Posted January 28, 2015 This is a vulnerability found that affects older versions of distros except for Debian (because it uses an older version of glibc) and they are working on a patch. Another reason to use an up to date distro.. Summary:This security hole, which impacts many older versions of Linux and some current ones, should be patched as soon as possible. Researchers at cloud security company Qualys have discovered a major security hole, GHOST (CVE-2015-0235), in the Linux GNU C Library (glibc). This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords. Qualys alerted the major Linux distributors about the security hole quickly and most have now released patches for it. Josh Bressers, manager of theRed Hat product security team said in an interview that, "Red Hat got word of this about a week ago. Updates to fix GHOST on Red Hat Enterprise Linux (RHEL) 5, 6, and 7 are now available via the Red Hat Network." This hole exists in any Linux system that was built with glibc-2.2, which was released on November 10, 2000. Qualys found that the bug had actually been patched with a minor bug fix released on May 21, 2013 between the releases of glibc-2.17 and glibc-2.18. However, this fix was not classified as a security problem, and as a result, many stable and long-term-support distributions are wide open today. Linux systems that are liable to attack include Debian 7 (Wheezy), RHEL 5, 6, and 7, CentOS 6 and 7 and Ubuntu 12.04. Besides Red Hat's fix, Debian is currently repairing its core distributions, Ubuntu has patched the bug both for 12.04 and the older 10.04, and I'm told the patches are on their way for CentOS....... http://www.zdnet.com...ity-hole-found/ Quote Link to comment Share on other sites More sharing options...
securitybreach Posted January 28, 2015 Author Share Posted January 28, 2015 Glibc: GHOST Vulnerability Test To See If a Linux Sever Is Secure The GHOST (CVE-2015-0235) is serious network function vulnerability in Glibc. How do I check and test if a my Linux based server is secure using command line options? There are two methods to test and find out if your server or desktop powered by Linux is secure or not: (a) A simple C test program for all Linux based servers (distro independent; generic method). (b ) A simple bash shell test program for RHEL or CentOS or Scientifc Linux server only... http://www.cyberciti...x-test-program/ Quote Link to comment Share on other sites More sharing options...
securitybreach Posted January 28, 2015 Author Share Posted January 28, 2015 Just for kicks: Quote Link to comment Share on other sites More sharing options...
amenditman Posted January 28, 2015 Share Posted January 28, 2015 (edited) As usual, if you are running servers and not keeping them up to date, get them updated now. But, not really a real world problem. More theoretical than practical. Here is what the researchers had to say about the GHOST leaked info. Subject: Re: Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow On Tue, Jan 27, 2015 at 09:20:21AM -0800, Michal Zalewski wrote: > Nice work - thanks for the thoroughly investigated and detailed advisory. Thank you very much. We also sincerely regret that some information about this vulnerability was leaked a few hours before the Coordinated Release Date (Time, in this particular case). > you be willing to publish the list of the reviewed implementations to > reduce the amount of repeated work? Here is a list of potential targets that we investigated (they all call gethostbyname, one way or another), but to the best of our knowledge, the buffer overflow cannot be triggered in any of them: apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql, nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers, vsftpd, xinetd. Moral of the story, keep your systems as updated as possible, and run Linux on them. Edited January 28, 2015 by amenditman 1 Quote Link to comment Share on other sites More sharing options...
securitybreach Posted January 28, 2015 Author Share Posted January 28, 2015 Yes and basically the only current distro that is vulnerable is Debian stable and its derivatives (that stay with stable --- glibc not updated to current). Quote Link to comment Share on other sites More sharing options...
Corrine Posted January 28, 2015 Share Posted January 28, 2015 OT: I did a bit of a double-take when I saw this in the Recent Topics list. I have a long-time virtual friend who goes online by the name Ghost. He has used Linux for some time and has a scratch built box running Mint-17-Mate. 1 Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted January 28, 2015 Share Posted January 28, 2015 So, I'm not running a server. Am I vulnerable? Quote Link to comment Share on other sites More sharing options...
securitybreach Posted January 29, 2015 Author Share Posted January 29, 2015 So, I'm not running a server. Am I vulnerable? It has nothing to do with that. It depends on an old version of glibc that only Debian stable still uses. The version of glibc was updated in 2013 so most every single distro has long since updated. So unless your running Debian wheezy or an old version of a distro, you are vulnerable. As long as your packages and distro are up to date, you are perfectly fine. Another good reason to stay up to date. 1 Quote Link to comment Share on other sites More sharing options...
V.T. Eric Layton Posted January 30, 2015 Share Posted January 30, 2015 Slackware sent updates for all the glibc's down the pike yesterday. 1 Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.