{"id":3862,"date":"2015-01-30T23:30:18","date_gmt":"2015-01-30T15:30:18","guid":{"rendered":"https:\/\/www.darknet.org.uk\/?p=3862"},"modified":"2015-01-30T23:30:53","modified_gmt":"2015-01-30T15:30:53","slug":"ghost-vulnerability-glibc-everything-need-know","status":"publish","type":"post","link":"https:\/\/www.darknet.org.uk\/2015\/01\/ghost-vulnerability-glibc-everything-need-know\/","title":{"rendered":"GHOST Vulnerability In glibc – Everything You Need To Know"},"content":{"rendered":"
So the big panic in the past week or so has been about this GHOST vulnerability in glibc which under certain circumstances can allow remote code execution (serious business!).<\/p>\n
So we’ve had Heartbleed<\/a>, POODLE<\/a> and Shellshock<\/a> and now we have awfully cute GHOST.<\/p>\n <\/p>\n The CVE for GHOST is – CVE-2015-0235<\/a>, the technical explanation:<\/p>\n Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka “GHOST.”\n<\/p><\/blockquote>\n The patches were released by major vendors on January 27th, so most people should be patched by now. It’s pretty widespread because basically every Linux system has GNU C Library or glibc, so before patching pretty much every Linux system is vulnerable (apart from Ubuntu 14.04 LTS which is safe out of the box).<\/p>\n This server is still on Ubuntu 10.04 LTS, the patching looks as below, this was the output before patching:<\/p>\n And after:<\/p>\nWhat is it?<\/h3>\n
ldd --version\r\nldd (Ubuntu EGLIBC 2.11.1-0ubuntu7.19) 2.11.1\r\nCopyright (C) 2009 Free Software Foundation, Inc.\r\nThis is free software; see the source for copying conditions. There is NO\r\nwarranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\r\nWritten by Roland McGrath and Ulrich Drepper.<\/pre>\n
ldd --version\r\nldd (Ubuntu EGLIBC 2.11.1-0ubuntu7.20) 2.11.1\r\nCopyright (C) 2009 Free Software Foundation, Inc.\r\nThis is free software; see the source for copying conditions. There is NO\r\nwarranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.\r\nWritten by Roland McGrath and Ulrich Drepper.<\/pre>\n