Page 1 of 1
GHOST Critical alert for all Linux users!
Posted: Wed Jan 28, 2015 4:54 pm
by RealBlackStuff
This critical vulnerability has been spotted: GHOST
See this:
http://www.zdnet.com/article/critical-l ... TRE17cfd61
Re: GHOST Critical alert for all Linux users!
Posted: Wed Jan 28, 2015 7:47 pm
by Neil
Whoa! That looks dangerous. Must have been fixed as soon as it was discovered, since I don't recall reading ab out any wide spread attacks like this hole would have made possible. Besides, it only seems to have affected older versions of most distro, as any distro with glibc newer than 2.17, wasn't vulnerable to this. But, I guess there are several people still running some LTS systems that were vulnerable.
Re: GHOST Critical alert for all Linux users!
Posted: Wed Jan 28, 2015 7:54 pm
by ajkula66
Thanks for the heads up.
I'm not booting any of my machines that run CentOS until the patch is released...
Re: GHOST Critical alert for all Linux users!
Posted: Thu Jan 29, 2015 1:55 am
by bit_twiddler
A friend who works in the computer security area sent me
the following shell script which you can use on RHEL/CENTOS/SL/etc to determine
if your system is at risk:
#!/bin/bash
#Version 3
echo "Installed glibc version(s)"
rv=0
for glibc_nvr in $( rpm -q --qf '%{name}-%{version}-%{release}.%{arch}\n' glibc ); do
glibc_ver=$( echo "$glibc_nvr" | awk -F- '{ print $2 }' )
glibc_maj=$( echo "$glibc_ver" | awk -F. '{ print $1 }')
glibc_min=$( echo "$glibc_ver" | awk -F. '{ print $2 }')
echo -n "- $glibc_nvr: "
if [ "$glibc_maj" -gt 2 -o \
\( "$glibc_maj" -eq 2 -a "$glibc_min" -ge 18 \) ]; then
# fixed upstream version
echo 'not vulnerable'
else
# all RHEL updates include CVE in rpm %changelog
if rpm -q --changelog "$glibc_nvr" | grep -q 'CVE-2015-0235'; then
echo "not vulnerable"
else
echo "vulnerable"
rv=1
fi
fi
done
if [ $rv -ne 0 ]; then
cat <<EOF
This system is vulnerable to CVE-2015-0235. <
https://access.redhat.com/security/cve/CVE-2015
-0235>
Please refer to <
https://access.redhat.com/articles/1332213> for remediation steps
EOF
fi
exit $rv
Re: GHOST Critical alert for all Linux users!
Posted: Thu Jan 29, 2015 2:19 am
by Dekks
Latest News: While still being a significant bug the calls related to the bug have been depreciated for a few years now & certainly GHOST isn't upto the impact of heartbleed.
Secondly someone patched the bug back in 2013 but never highlighted it as a security issue so any legacy installs such as Ubuntu 12.04 LTS never got the patched versions. If your on a rolling distro with glibc >2.17 then your OK.
Re: GHOST Critical alert for all Linux users!
Posted: Thu Jan 29, 2015 2:43 am
by rumbero
Furthermore, most desktop users should be on the safe size since long time already, as desktop release versions are typically based on much more current glibc versions.
If there is any reason for concern, it is mainly because of server systems which are not typically running the latest Linux software but, instead, a known stable release version with already a few years age...
Re: GHOST Critical alert for all Linux users!
Posted: Thu Jan 29, 2015 8:33 am
by Norway Pad
Does this also affect Debian based distros, line Antix? Debian 7 is mentioned, but I wouldn't have any idea where to even look for a patch.
Re: GHOST Critical alert for all Linux users!
Posted: Thu Jan 29, 2015 1:52 pm
by bit_twiddler
Does this also affect Debian based distros, line Antix? Debian 7 is mentioned, but I wouldn't have any idea where to even look for a patch.
What happens when you do:
sudo apt-get update
sudo apt-get upgrade