SimplerCloud Pte Ltd


News: Critical Advisory: "GHOST" glibc library vulnerability in most Linux systems

Published: 30/01/2015

Critical Alert: "GHOST" glibc library vulnerability in most Linux systems


References:


GHOST: glibc vulnerability (CVE-2015-0235)
The GHOST Vulnerability


This advisory is provided as a courtesy.


We would like to bring to your attention a newly discovered security bug affecting the GNU C Library (glibc), the standard C library found on Linux operating systems such as Ubuntu and CentOS, among others. The flaw allows an attacker to gain full access to a Linux-based system without needing normal system credentials.


Most Linux system customers are affected. You are strongly advised to apply the relevant fixes to any affected systems immediately.


The security bug was discovered by Qualys during their internal code audit and has been assigned bug-ID: CVE-2015-0235.


Impact


If this vulnerability is not addressed, Linux servelets/servers remain at risk of compromise: attackers can use the vulnerability to gain unauthorised access to your system.


Affected Operating Systems


Almost all Linux servers are affected, including newer operating systems such as CentOS 6 and 7, Ubuntu 12.04 and Debian 7. Ubuntu 14.04, the newest Ubuntu release, is notably not affected.


Check if Affected


The University of Chicago's IT Services has released a simple C program which can be compiled on your Linux-based system to confirm whether your system is vulnerable. Download, compile and run it as follows:


wget https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c
gcc GHOST.c -o GHOST
./GHOST


The script will give output on whether your system is vulnerable or not. For example:


====
root@hostbill-01:/home/indra/ghost-test# wget https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c
--2015-01-30 11:53:01--  https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c
Resolving webshare.uchicago.edu (webshare.uchicago.edu)... 128.135.22.61
Connecting to webshare.uchicago.edu (webshare.uchicago.edu)|128.135.22.61|:443... connected.
HTTP request sent, awaiting response... 200 OK
Length: 1046 (1.0K) [text/x-csrc]
Saving to: ‘GHOST.c’

100%[===================================================================================================================================================================================================>] 1,046       --.-K/s   in 0s

2015-01-30 11:53:04 (138 MB/s) - ‘GHOST.c’ saved [1046/1046]

root@hostbill-01:/home/indra/ghost-test# gcc -o GHOST GHOST.c
root@hostbill-01:/home/indra/ghost-test# ./GHOST
not vulnerable
====


Note: If you see this error message when you try to run gcc:


[root@sc-centos66-64b ~]# gcc GHOST.c -o GHOST
-bash: gcc: command not found


That means gcc is not installed on your system. You can install gcc by running these commands:


On CentOS:


yum install gcc


On Ubuntu:


sudo apt-get install gcc


How to Fix the Problem


To fix this problem and to ensure that your servelets/servers are no longer affected by this vulnerability, install the latest patches for your operating system.


On Ubuntu/Debian systems:

sudo apt-get update
sudo apt-get upgrade
sudo apt-get dist-upgrade

and then reboot the system.

On CentOS systems:

yum update

and then reboot the system.


You might want to run the GHOST vulnerability checker script again after you reboot your system to ensure that your system is no longer vulnerable.


Note that the reboot after the update is required: it ensures that every application using the GNU C Library is restarted and forced to load the new version of the library.
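To see why the reboot matters, the following added script (not SimplerCloud's script or the UChicago checker) lists processes that still have the pre-update libc mapped. It relies on the kernel marking mappings of a replaced file as "(deleted)" in /proc/<pid>/maps; the sample maps lines in it are constructed, not captured from a real host.

```sh
#!/bin/sh
# Added example. After "apt-get upgrade" or "yum update" installs the fixed glibc,
# every already-running process keeps the OLD libc mapped until it is restarted;
# the kernel shows such mappings as "... (deleted)" in /proc/<pid>/maps.

# Return 0 (true) when the /proc/<pid>/maps text on stdin maps a deleted libc.
# "libc[-.]" matches libc-2.12.so, libc-2.13.so and libc.so.6 but not libcrypto.
maps_has_stale_libc() {
    grep -q -E '/libc[-.][^ ]* \(deleted\)$'
}

# Walk /proc, print one line per process still using the pre-update libc and
# finish with the count. Run as root to inspect every user's processes.
scan_running_processes() {
    stale=0
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        # Unreadable maps (other users' processes, already-exited PIDs) are skipped.
        if maps_has_stale_libc 2>/dev/null <"$maps"; then
            comm=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
            printf 'PID %s (%s) still maps the old libc; restart it or reboot\n' "$pid" "$comm"
            stale=$((stale + 1))
        fi
    done
    echo "$stale"
}

# Constructed sample maps lines (format: address perms offset dev inode path).
STALE_LINE='7f1e2c000000-7f1e2c1ad000 r-xp 00000000 08:01 131089 /lib/x86_64-linux-gnu/libc-2.13.so (deleted)'
FRESH_LINE='7f1e2c000000-7f1e2c1ad000 r-xp 00000000 08:01 131090 /lib/x86_64-linux-gnu/libc-2.13.so'

if printf '%s\n' "$STALE_LINE" | maps_has_stale_libc; then
    echo 'sample: stale libc mapping detected, process needs a restart'
fi
if ! printf '%s\n' "$FRESH_LINE" | maps_has_stale_libc; then
    echo 'sample: current libc mapping, no restart needed'
fi
```

Run it as root after the update (call scan_running_processes); any process it lists is still executing the vulnerable code until it is restarted or the host is rebooted.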


More information:


https://access.redhat.com/articles/1332213
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
http://www.openwall.com/lists/oss-security/2015/01/27/9
http://threatpost.com/ghost-glibc-remote-code-execution-vulnerability-affects-all-linux-systems/110679
https://itservices.uchicago.edu/page/ghost-vulnerability
https://nakedsecurity.sophos.com/2015/01/29/the-ghost-vulnerability-what-you-need-to-know/


Request Assistance


If needed, we will perform the patch installation for you at a one-time discounted fee of $25. Please submit your order at Order -> Additional Services -> Select Vulnerability Fix: Bash Bug/Shellshock, Windows SCHANNEL, GHOST glibc FIX - $25


Alternatively, first open a support ticket and give us the hostname, IP address and OS template. You can find this information on your servelet's control panel.


For example:


Hostname: test-dd
IP Address: 103.25.202.81
OS Template: CentOS 6.5 (64-bit) 20140123a

Thank you.


SimplerCloud Support Team