{"id":1467,"date":"2015-04-16T23:30:38","date_gmt":"2015-04-17T05:30:38","guid":{"rendered":"http:\/\/www.supportpro.com\/blog\/?p=1467"},"modified":"2026-06-19T04:03:30","modified_gmt":"2026-06-19T10:03:30","slug":"glibc-ghost-vulnerability-cve-2015-0235","status":"publish","type":"post","link":"https:\/\/www.supportpro.com\/blog\/glibc-ghost-vulnerability-cve-2015-0235\/","title":{"rendered":"How to Check and Fix the Glibc GHOST Vulnerability (CVE-2015-0235) in Linux Servers"},"content":{"rendered":"

Introduction<\/h1>\n

Server security vulnerabilities can expose key services and applications to attacks. One of these vulnerabilities is the GHOST vulnerability (CVE-2015-0235). This flaw was found in the GNU C Library (glibc) and impacts many Linux distributions. Since several essential services, such as SSH, Bash, and DNS-related applications, rely on glibc, it is crucial for system administrators to check if their servers are vulnerable and implement the necessary fixes. This article outlines how to check for the GHOST vulnerability and decide if your Linux server is at risk.<\/p>\n

On Linux servers, more than 60 binaries and major services, such as SSH, Nmap, and Bash, rely on the glibc libraries. A heap-based buffer overflow was found in __nss_hostname_digits_dots(), and an attacker could use this flaw to execute arbitrary code with the privilege of the users running the application using the function gethostbyname()<\/p>\n

Check if Your Server Is GHOST Vulnerable<\/h2>\n

\"\"<\/a><\/p>\n

 <\/p>\n

If the glibc version on your server is below 2.18, your server is most exposed to this vulnerability.<\/p>\n

You can check the glibc version on your server using the command given below.<\/p>\n

Verify the Installed glibc Version<\/h3>\n

#ldd –version<\/em><\/p>\n

Using the Qualys Test Program<\/h3>\n

Also, you can check if your server is vulnerable to a GHOST attack by using a program released by Qualys.<\/p>\n

Note: Use this program at your own risk.<\/p>\n

============<\/p>\n

#include <netdb.h><\/em>
\n#include <stdio.h><\/em>
\n#include <stdlib.h><\/em>
\n#include <string.h><\/em>
\n#include <errno.h><\/em>
\n#define CANARY “in_the_coal_mine”<\/em>
\nstruct {<\/em>
\n char buffer[1024];<\/em>
\n char canary[sizeof(CANARY)];<\/em>
\n} temp = { “buffer”, CANARY };<\/em>
\nint main(void) {<\/em>
\n struct hostent resbuf;<\/em>
\n struct hostent *result;<\/em>
\n int herrno;<\/em>
\n int retval;<\/em>
\n \/*** strlen (name) = size_needed – sizeof (*host_addr) – sizeof (*h_addr_ptrs) – 1; ***\/<\/em>
\n size_t len = sizeof(temp.buffer) – 16*sizeof(unsigned char) – 2*sizeof(char *) – 1;<\/em>
\n char name[sizeof(temp.buffer)];<\/em>
\n memset(name, ‘0’, len);<\/em>
\n name[len] = ‘\\0’;<\/em>
\n retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);<\/em>
\n if (strcmp(temp.canary, CANARY) != 0) {<\/em>
\n puts(“vulnerable”);<\/em>
\n exit(EXIT_SUCCESS);<\/em>
\n }<\/em>
\n if (retval == ERANGE) {<\/em>
\n puts(“not vulnerable”);<\/em>
\n exit(EXIT_SUCCESS);<\/em>
\n }<\/em>
\n puts(“should not happen”);<\/em>
\n exit(EXIT_FAILURE);<\/em>
\n}<\/em><\/p>\n

============<\/p>\n