Introduction
On January 27, 2015, a GNU C Library (glibc) vulnerability referred to as the GHOST vulnerability (CVE-2015-0235) was announced to the general public. In summary, it is a heap-based buffer overflow in glibc's gethostbyname() and gethostbyname2() functions (hence the name GetHOST), and in some cases it lets a remote attacker execute arbitrary code on the affected system. Like Shellshock and Heartbleed, this vulnerability is serious and affects many servers.

The GHOST vulnerability can be exploited on Linux systems that use versions of the GNU C Library prior to glibc-2.18. That is, systems that use an unpatched version of glibc from versions 2.2 to 2.17 are at risk. The bug was fixed upstream in glibc 2.18 (released in 2013), but because the fix was not recognized as a security fix at the time, stable distributions that ship older glibc versions did not backport it. Many Linux distributions including, but not limited to, the following are potentially vulnerable to GHOST and should be patched:
- CentOS 6 & 7
- Debian 7
- Red Hat Enterprise Linux 6 & 7
- Ubuntu 10.04 & 12.04
- End of Life Linux Distributions
Check System Vulnerability
The easiest way to test if your servers are vulnerable to GHOST is to check the version of glibc that is in use. We will cover how to do this in Ubuntu, Debian, CentOS, and RHEL.

Note that binaries that are statically linked to a vulnerable glibc carry their own copy of the library and must be recompiled against a fixed version to be made safe. This test does not cover those cases, only the system's GNU C Library.
Ubuntu & Debian
Check the glibc version by looking up the version of ldd (which is part of glibc) like this:
ldd --version
The first line of the output contains the version of eglibc, the variant of glibc that Ubuntu and Debian used at the time. It might look like this, for example (the full package version is the string in parentheses, here 2.15-0ubuntu10.7):
ldd (Ubuntu EGLIBC 2.15-0ubuntu10.7) 2.15
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
If the version of eglibc matches, or is more recent than, the one listed here for your release, you are safe from the GHOST vulnerability. Compare the full package version (the part in parentheses), not just the upstream number: the example output above, 2.15-0ubuntu10.7, is older than 2.15-0ubuntu10.10 and is therefore still vulnerable.
- Ubuntu 12.04 LTS: 2.15-0ubuntu10.10
- Ubuntu 10.04 LTS: 2.11.1-0ubuntu7.20
- Debian 7 (Wheezy): 2.13-38+deb7u7
CentOS & RHEL
Check the glibc version with rpm:
rpm -q glibc
The output should look like this, with the package name followed by the version, release and architecture:
glibc-2.12-1.132.el6_5.4.x86_64
If the version of glibc matches, or is more recent than, the one listed here for your release, you are safe from the GHOST vulnerability. The example output above, 2.12-1.132.el6_5.4, is older than 2.12-1.149.el6_6.5 and is therefore still vulnerable. On systems with both 32-bit and 64-bit glibc packages installed, rpm -q glibc prints one line per architecture, and both must be at a fixed version.
- CentOS 6: glibc-2.12-1.149.el6_6.5
- CentOS 7: glibc-2.17-55.el7_0.5
- RHEL 5: glibc-2.5-123.el5_11.1
- RHEL 6: glibc-2.12-1.149.el6_6.5
- RHEL 7: glibc-2.17-55.el7_0.5
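The version checks above depend on knowing each distribution's fixed package version. A functional check that does not is to trigger the bug itself and observe whether it writes past the caller's buffer. The C program below is an added example written in the style of the test program Qualys published with its advisory; it is not part of the original article, and the function name ghost_check() and the result codes are this example's own. It calls gethostbyname_r() with an all-digit hostname sized so that an unpatched glibc copies the name sizeof(char *) bytes past the end of the supplied buffer, into an adjacent canary. If the canary changes, the library is vulnerable; a patched glibc rejects the call with ERANGE and leaves the canary intact.

```c
/*
 * ghost_check.c - functional check for GHOST (CVE-2015-0235).
 * Added example in the spirit of the Qualys test program, not part of the
 * original article.  Build on the target system so it links the system's
 * glibc dynamically:  gcc -o ghost_check ghost_check.c
 */
#define _GNU_SOURCE
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CANARY "in_the_coal_mine"

/* Result codes returned by ghost_check() (names chosen for this example). */
enum ghost_result {
    GHOST_NOT_VULNERABLE = 0,   /* call rejected with ERANGE, canary intact */
    GHOST_VULNERABLE = 1,       /* canary overwritten: the overflow happened */
    GHOST_UNEXPECTED = 2        /* neither outcome; inspect the return value */
};

/*
 * The scratch buffer handed to gethostbyname_r() is immediately followed by
 * a canary, so a write of even one byte past the buffer is visible.
 */
static struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} temp;

enum ghost_result ghost_check(void)
{
    struct hostent resbuf;
    struct hostent *result = NULL;
    int herrno = 0;
    char name[sizeof(temp.buffer)];

    memset(temp.buffer, 0, sizeof(temp.buffer));
    memcpy(temp.canary, CANARY, sizeof(CANARY));

    /*
     * The vulnerable code in glibc's nss/digits_dots.c computes the space it
     * needs as
     *   sizeof(host_addr)   (16 bytes, room for an IPv6 address)
     * + sizeof(h_addr_ptrs) (2 pointers)
     * + strlen(name) + 1
     * but also lays out a char * (h_alias_ptr) in the same buffer before the
     * copied hostname.  Choosing strlen(name) so that the undercounted size
     * exactly equals sizeof(temp.buffer) makes the hostname copy run
     * sizeof(char *) bytes into the canary.  The name is all '0' digits so
     * the numeric-address fast path is taken and inet_aton() accepts it.
     */
    size_t len = sizeof(temp.buffer) - 16 * sizeof(unsigned char)
                 - 2 * sizeof(char *) - 1;
    memset(name, '0', len);
    name[len] = '\0';

    int retval = gethostbyname_r(name, &resbuf, temp.buffer,
                                 sizeof(temp.buffer), &result, &herrno);

    if (memcmp(temp.canary, CANARY, sizeof(CANARY)) != 0)
        return GHOST_VULNERABLE;      /* bytes landed past the buffer */
    if (retval == ERANGE)
        return GHOST_NOT_VULNERABLE;  /* fixed glibc counted correctly */
    return GHOST_UNEXPECTED;
}

int main(void)
{
    switch (ghost_check()) {
    case GHOST_VULNERABLE:
        puts("vulnerable");
        return 1;
    case GHOST_NOT_VULNERABLE:
        puts("not vulnerable");
        return 0;
    default:
        puts("unexpected result: neither overflow nor ERANGE");
        return 2;
    }
}
```

Run it once before updating and again after the reboot described in the next section: "not vulnerable" after the update confirms that the running system really picked up the fixed library, independently of the package version strings. Because it tests the shared glibc the binary is linked against, it says nothing about statically linked programs on the same host.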
Fix Vulnerability
The easiest way to fix the GHOST vulnerability is to use your default package manager to update the version of glibc. The following subsections cover updating glibc on various Linux distributions, including Ubuntu, Debian, CentOS, and Red Hat.
APT-GET: Ubuntu / Debian
For currently supported versions of Ubuntu or Debian, update all of your packages to the latest version available via apt-get dist-upgrade:
sudo apt-get update && sudo apt-get dist-upgrade
Then respond to the confirmation prompt with y. When the update is complete, reboot the server with this command:
sudo reboot
A reboot is necessary because every process that was already running keeps the old copy of the GNU C Library mapped in memory until it is restarted; if a reboot is not possible, restart every long-running service instead (sshd, web servers, mail servers, databases and so on). Now verify that your system is no longer vulnerable by following the instructions in the previous section (Check System Vulnerability).
YUM: CentOS / RHEL
Update glibc to the latest version available via yum:
sudo yum update glibc
Then respond to the confirmation prompt with y. When the update is complete, reboot the server with this command:
sudo reboot
A reboot is necessary because every process that was already running keeps the old copy of the GNU C Library mapped in memory until it is restarted; if a reboot is not possible, restart every long-running service instead (sshd, web servers, mail servers, databases and so on). Now verify that your system is no longer vulnerable by following the instructions in the previous section (Check System Vulnerability).