Thread: GHOST / gethostbyname() Remote Exploit

  1. #1
    Assadministrator kung foo man's Avatar
    Join Date
    Jun 2012
    Location
    trailerpark
    Posts
    2,010
    Thanks
    2,102
    Thanked 1,084 Times in 753 Posts

    GHOST / gethostbyname() Remote Exploit

    Hey all, a new bug in Linux, yey (thanks to php for pointing me to it).

    A small collection of stuff:

    https://news.ycombinator.com/item?id=8953545

    Updating libc6 (I had to update like 200 MB for 32-bit and 21 MB for 64-bit):

    Code:
    apt-get update
    apt-get install libc6
    apt-get install libc6-amd64

    Now here comes the issue: even after updating the 64-bit libs, the CVE-source was still showing "vulnerable". I figured out WHY, and saw that the libc.so.6 link was pointing to 2.14, BUT 2.13 is the newest version:

    Code:
    # /lib/x86_64-linux-gnu/libc-2.13.so = THE NEW ONE
    # /lib/x86_64-linux-gnu/libc-2.14.so = THE OLD ONE, even though it has the higher version number...
    ln -sf /lib/x86_64-linux-gnu/libc-2.13.so /lib/x86_64-linux-gnu/libc.so.6

    Another way is to rename libc-2.14.so to IGNORE_libc-2.14.so (as backup) and call:

    Code:
    ldconfig

    It will automatically update the libc.so.6 link to the "latest" .so-file.


    Check version 32-bit:

    Code:
    # /lib32/libc.so.6
    GNU C Library (Debian EGLIBC 2.13-38+deb7u7) stable release version 2.13, by Roland McGrath et al.
    Copyright (C) 2011 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.
    Compiled by GNU CC version 4.4.7.
    Compiled on a Linux 3.2.65 system on 2015-01-26.
    Available extensions:
            crypt add-on version 2.1 by Michael Glad and others
            GNU Libidn by Simon Josefsson
            Native POSIX Threads Library by Ulrich Drepper et al
            BIND-8.2.3-T5B
    libc ABIs: UNIQUE IFUNC
    For bug reporting instructions, please see:
    <http://www.debian.org/Bugs/>.

    Check version 64-bit:

    Code:
    # ldd CVE-2015-0235
            linux-vdso.so.1 =>  (0x00007fff28dff000)
            libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f380bade000)
            /lib64/ld-linux-x86-64.so.2 (0x00007f380be74000)
    # /lib/x86_64-linux-gnu/libc.so.6
    GNU C Library (Debian EGLIBC 2.13-38+deb7u7) stable release version 2.13, by Roland McGrath et al.
    Copyright (C) 2011 Free Software Foundation, Inc.
    This is free software; see the source for copying conditions.
    There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
    PARTICULAR PURPOSE.
    Compiled by GNU CC version 4.4.7.
    Compiled on a Linux 3.2.65 system on 2015-01-26.
    Available extensions:
            crypt add-on version 2.1 by Michael Glad and others
            GNU Libidn by Simon Josefsson
            Native POSIX Threads Library by Ulrich Drepper et al
            BIND-8.2.3-T5B
    libc ABIs: UNIQUE IFUNC
    For bug reporting instructions, please see:
    <http://www.debian.org/Bugs/>.

    After the update: restart the whole server or at least every public service (email, webserver, mysql...) like:

    Code:
    /etc/init.d/apache2 restart
    /etc/init.d/mongodb restart
    /etc/init.d/lighttpd restart
    /etc/init.d/mysql restart
    /etc/init.d/postfix restart
    /etc/init.d/couchdb restart
    /etc/init.d/proftpd restart
    /etc/init.d/ssh restart

    Source for testing (64-bit):

    Code:
    wget https://gist.githubusercontent.com/koelling/ef9b2b9d0be6d6dbab63/raw/de1730049198c64eaf8f8ab015a3c8b23b63fd34/gistfile1.c
    gcc gistfile1.c -o CVE-2015-0235
    ./CVE-2015-0235
    not vulnerable

    32-bit:

    Code:
    # gcc gistfile1.c -o CVE-2015-0235 -m32
    # ./CVE-2015-0235
    not vulnerable

    Collection of all info is welcome.
    timescale 0.01
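
Added example, not part of the original post: a check for the restart step above, listing processes that still map a libc other than the one libc.so.6 now resolves to, or one whose file was replaced on disk. The function name `stale_libc` is hypothetical, and the script assumes the Linux `/proc/PID/maps` layout and GNU `readlink -f`.

```shell
#!/bin/sh
# Added example (not from the thread). Run as root to see every process:
#   sh stale_libc.sh /lib/x86_64-linux-gnu/libc.so.6

# stale_libc PROC_ROOT CURRENT_LIBC
# Prints "PID<TAB>mapped path" for each process whose executable libc mapping
# is not CURRENT_LIBC, or is marked "(deleted)" because the package update
# replaced the file while the process kept the old copy mapped.
stale_libc() {
    proc_root=$1
    current=$2
    for maps in "$proc_root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # process gone or not readable
        pid=${maps%/maps}
        pid=${pid##*/}
        # maps fields: range perms offset dev inode path ["(deleted)"]
        # The regex matches libc-2.13.so, libc.so.6 and a renamed backup such
        # as IGNORE_libc-2.14.so, but not libcrypt or libcap.
        awk -v pid="$pid" -v cur="$current" '
            BEGIN { re = "/[^/]*libc(-[0-9.]+)?[.]so[^/]*$" }
            $2 ~ /x/ && $6 ~ re {
                gone = ($7 == "(deleted)")
                if ((gone || $6 != cur) && !seen[$6]++)
                    printf "%s\t%s%s\n", pid, $6, (gone ? " (deleted)" : "")
            }
        ' "$maps" 2>/dev/null
    done
}

# When given the libc.so.6 symlink as argument, resolve it and scan /proc.
if [ "$#" -ge 1 ]; then
    stale_libc /proc "$(readlink -f "$1")"
fi
```

Any PID it prints belongs to a service that still needs a restart; an empty result means every readable process maps the libc that the symlink points to.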

  2. #2
    Assadministrator kung foo man's Avatar
    Ok, for some reason I woke up and the game servers were down...

    Had to reinstall gcc / mysql dev stuff:

    Code:
    apt-get install libmysqlclient-dev:i386
    apt-get install g++-multilib

    The "funny" thing was, when I installed libmysqlclient-dev:i386, it removed g++-multilib, hence the reinstall.
    timescale 0.01
