Critical vulnerability - the GHOST vulnerability (CVE-2015-0234)
1/30/2015
Critical vulnerability - the GHOST vulnerability (CVE-2015-0234)

We want to draw your attention to a very serious vulnerability of most linux distributions using glibc library.

 

What it is about

The GHOST vulnerability uses the vulnerability of glibc library, which is an integral part of all linux distributions. It is basically an implementation of the standard library of the language C together with necessary part for the system's core function. The vulnerability allows the attacker to take control of the system, using BUG which induces overflowing of the stack when using the query GetHost. GetHost function substitutes the DNS lookup, since it translates between the names of stations and IP addresses. The function uses the mechanism which determines if there is an IP address or name on the input. If the attacker sends the IP address of a pointless size of 1234.124525.1314.13134, he will cause a stack overflow and the subsequent collapse of the system.

 

Vulnerable systems

This kind of vulnerability attacks linux systems only. The following are primarily in danger:

  • Centos 6 & 7
  • Debian 7
  • Red Hat Enterprise Linux 6 & 7
  • Ubuntu 10.04 & 12.04
  • All unsupported older versions

 

How to fight back

Make sure you have the most current version 2.18 of the library glibc (GNU C). All systems that use the library versions of glbic 2.2 up to 2.17 are at risk and it is necessary to patch them.

 

How to find out the version of your library

Debian & Ubuntu – you can find out the glibc version by using the query for the version Idd in this form:
ldd –version
At the first line of the output you will find the eglibc version, which is the glibc library in the Debin and Ubuntu environments. Your system is safe if your library corresponds with, or if it is newer than the possibilities stated below:

  • Ubuntu 12.04 LTS: 2.15-0ubuntu10.10
  • Ubuntu 10.04 LTS: 2.11-1-0ubuntu7.20
  • Debiant 7 LTS: 2.13-38+deb7u7

CentOS & RHEL – you can find out the glibc version by using the query:
rpm –q glibc
The output should roughly look this way: glibc-2.12-1.132.el6_5.4.x86_64. As described in the previous case if your version corresponds with, or if it is newer than the possibilities stated below, your system is safe:

  • CentOS 6: glibc-2.12-1.149.e16_6.5
  • CentOS 7: glibc-2.17-55e.17_0.5
  • RHEL 5: glibc-2.5-123.el5_11.1
  • RHEL 6: glibc-2.12-1.149.el6_6.5
  • RHEL 7: glibc-2.17-55.el7_0.5

 

Recommendations

If your system uses glibc library that is older than stated in the list above, we strongly recommend updating the library version to provide security.

More details are available on request.