{"id":1467,"date":"2015-04-16T23:30:38","date_gmt":"2015-04-17T05:30:38","guid":{"rendered":"http:\/\/www.supportpro.com\/blog\/?p=1467"},"modified":"2019-03-07T17:53:06","modified_gmt":"2019-03-07T23:53:06","slug":"glibc-ghost-vulnerability-cve-2015-0235","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/glibc-ghost-vulnerability-cve-2015-0235\/","title":{"rendered":"Glibc &#8211; GHOST vulnerability &#8211; CVE-2015-0235 and the Fix"},"content":{"rendered":"<p>In Linux servers, more than 60 binaries and major services such as SSH, Named, Bash, etc. rely on the glibc libraries. A heap-based buffer overflow was found in __nss_hostname_digits_dots(), and an attacker could use this flaw to execute arbitrary code with the privileges of the user running an application that calls the function gethostbyname().<\/p>\n<p><span style=\"text-decoration: underline;\"><strong>Check if your server is GHOST vulnerable<\/strong><\/span><\/p>\n<p>If the glibc version in your server is lower than 2.18, then your server is most exposed to this vulnerability.<\/p>\n<p>You can check the glibc version in your server using the command given 
below.<\/p>\n<p><em>#ldd --version<\/em><\/p>\n<p>Also, you can check if your server is vulnerable to the GHOST attack by using a program released by Qualys.<\/p>\n<p>Note: Use this program at your own risk.<\/p>\n<p>============<\/p>\n<p><em>#include &lt;netdb.h&gt;<\/em><br \/>\n<em>#include &lt;stdio.h&gt;<\/em><br \/>\n<em>#include &lt;stdlib.h&gt;<\/em><br \/>\n<em>#include &lt;string.h&gt;<\/em><br \/>\n<em>#include &lt;errno.h&gt;<\/em><br \/>\n<em>#define CANARY &quot;in_the_coal_mine&quot;<\/em><br \/>\n<em>struct {<\/em><br \/>\n<em> char buffer[1024];<\/em><br \/>\n<em> char canary[sizeof(CANARY)];<\/em><br \/>\n<em>} temp = { &quot;buffer&quot;, CANARY };<\/em><br \/>\n<em>int main(void) {<\/em><br \/>\n<em> struct hostent resbuf;<\/em><br \/>\n<em> struct hostent *result;<\/em><br \/>\n<em> int herrno;<\/em><br \/>\n<em> int retval;<\/em><br \/>\n<em> \/*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***\/<\/em><br \/>\n<em> size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;<\/em><br \/>\n<em> char name[sizeof(temp.buffer)];<\/em><br \/>\n<em> \/* all-digit name, so the lookup goes through __nss_hostname_digits_dots() *\/<\/em><br \/>\n<em> memset(name, '0', len);<\/em><br \/>\n<em> name[len] = '\\0';<\/em><br \/>\n<em> retval = gethostbyname_r(name, &amp;resbuf, temp.buffer, sizeof(temp.buffer), &amp;result, &amp;herrno);<\/em><br \/>\n<em> \/* an overwritten canary means the write ran past the end of temp.buffer *\/<\/em><br \/>\n<em> if (strcmp(temp.canary, CANARY) != 0) {<\/em><br \/>\n<em> puts(&quot;vulnerable&quot;);<\/em><br \/>\n<em> exit(EXIT_SUCCESS);<\/em><br \/>\n<em> }<\/em><br \/>\n<em> if (retval == ERANGE) {<\/em><br \/>\n<em> puts(&quot;not vulnerable&quot;);<\/em><br \/>\n<em> exit(EXIT_SUCCESS);<\/em><br \/>\n<em> }<\/em><br \/>\n<em> puts(&quot;should not happen&quot;);<\/em><br \/>\n<em> exit(EXIT_FAILURE);<\/em><br \/>\n<em>}<\/em><\/p>\n<p>============<\/p>\n<ul>\n<li>Save the above program to a file named ghostcheck.c<\/li>\n<li>Compile the program using the command given 
below.<\/li>\n<\/ul>\n<p><em>#gcc ghostcheck.c -o ghostcheck<\/em><\/p>\n<ul>\n<li>Run the program using the command:<\/li>\n<\/ul>\n<p><em>.\/ghostcheck<\/em><\/p>\n<p>If your server is not exposed, the program prints \u2018not vulnerable\u2019; if it is exposed, it prints \u2018vulnerable\u2019.<\/p>\n<p>If you require help, <a href=\"https:\/\/www.supportpro.com\/requestquote.php\">contact SupportPRO Server Admin<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In Linux servers, more than 60 binaries and major services such as SSH, Named, Bash, etc. rely on the glibc libraries. 
A heap-based buffer overflow was found in __nss_hostname_digits_dots() and an&hellip;<\/p>\n","protected":false},"author":5,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_lmt_disableupdate":"","_lmt_disable":"","footnotes":""},"categories":[4,3],"tags":[],"class_list":["post-1467","post","type-post","status-publish","format-standard","hentry","category-server-security","category-technical-articles"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/1467","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/users\/5"}],"replies":[{"embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/comments?post=1467"}],"version-history":[{"count":8,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/1467\/revisions"}],"predecessor-version":[{"id":3807,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/posts\/1467\/revisions\/3807"}],"wp:attachment":[{"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/media?parent=1467"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/categories?post=1467"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.supportpro.com\/blog\/wp-json\/wp\/v2\/tags?post=1467"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}