Home | Blog | Software | Reviews and Features | Forum | Help | Donate | About us
topbanner_forum
  *

avatar image

Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
  • December 07, 2016, 04:49:00 AM
  • Proudly celebrating 10 years online.
  • Donate now to become a lifetime supporting member of the site and get a non-expiring license key for all of our programs.
  • donate

Author Topic: ALERT! How to test for GHOST security hole now affecting major distros  (Read 4023 times)

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,768
    • View Profile
    • Donate to Member
This one is fairly serious. It's called "GHOST."

Here's the background info:

Quote
GHOST, a critical Linux security hole, is revealed

Summary:This security hole, which impacts many older versions of Linux and some current ones, should be patched as soon as possible.

By Steven J. Vaughan-Nichols for Linux and Open Source | January 27, 2015 -- 19:33 GMT (11:33 PST)



Researchers at cloud security company Qualys have discovered a major security hole, GHOST (CVE-2015-0235), in the Linux GNU C Library (glibc). This vulnerability enables hackers to remotely take control of systems without even knowing any system IDs or passwords.

Qualys alerted the major Linux distributors about the security hole quickly and most have now released patches for it. Josh Bressers, manager of the Red Hat product security team said in an interview that, "Red Hat got word of this about a week ago. Updates to fix GHOST on Red Hat Enterprise Linux (RHEL) 5, 6, and 7 are now available via the Red Hat Network."

This hole exists in any Linux system that was built with glibc-2.2, which was released on November 10, 2000. Qualys found that the bug had actually been patched with a minor bug fix released on May 21, 2013 between the releases of glibc-2.17 and glibc-2.18. <more>

To test to see if you're vulnerable see this article.

---------------------------------------------------------------------------------------------------------

For those who are new - or new enough to Linux - to not understand the part about compiling, do the following:

1) Copy and past all of the following code into your text editor and save it as ghosttest.c

This is the code
/* ghosttest.c:  GHOST vulnerability tester */
/* Credit: http://www.openwall.com/lists/oss-security/2015/01/27/9 */
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
 
#define CANARY "in_the_coal_mine"
 
struct {
  char buffer[1024];
  char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };
 
int main(void) {
  struct hostent resbuf;
  struct hostent *result;
  int herrno;
  int retval;
 
  /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
  size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
  char name[sizeof(temp.buffer)];
  memset(name, '0', len);
  name[len] = '\0';
 
  retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);
 
  if (strcmp(temp.canary, CANARY) != 0) {
    puts("vulnerable");
    exit(EXIT_SUCCESS);
  }
  if (retval == ERANGE) {
    puts("not vulnerable");
    exit(EXIT_SUCCESS);
  }
  puts("should not happen");
  exit(EXIT_FAILURE);
}
 


2) Open a terminal session (press: CTRL-ALT-T) and change to the directory where you saved ghosttest.c

3) Compile the file you just saved by entering the following command at the prompt: gcc ghosttest.c -o ghosttest

4) When completed (takes about 1 second) run it with the following command: ./ghosttest

Hopefully, you'll see output similar to the following:

    gh.png

What you're looking for is that "not vulnerable" at the bottom. If that's the case, no problem. If you see "vulnerable" check with your distro's website to see the status of where they are with getting out a security patch to correct it. In most cases the patch will be delivered through your distro's update manager when it's available. Which should be very shortly if it isn't available already.

Luck! :tellme: :Thmbsup:

(Note: Mint 17.1 should not be vulnerable. But check your installation anyway just to be sure.)


« Last Edit: January 29, 2015, 12:56:18 PM by 40hz »

rgdot

  • Supporting Member
  • Joined in 2009
  • **
  • Posts: 1,879
    • View Profile
    • Donate to Member
Re: ALERT! How to test for major security hole now affecting major distros
« Reply #1 on: January 28, 2015, 10:39:41 PM »
Thanks for this. After running Mint 13 update manager including libc updates:

Selection_010.png



Deozaan

  • Charter Member
  • Joined in 2006
  • ***
  • Points: 1
  • Posts: 7,714
    • View Profile
    • The Blog of Deozaan
    • Read more about this member.
    • Donate to Member
Re: ALERT! How to test for major security hole now affecting major distros
« Reply #2 on: January 29, 2015, 01:13:29 AM »
I couldn't get it to compile. Got an error about netdb.h not existing. On a relatively fresh/vanilla install of Mint 17.1 Cinnamon.

I ran "apt-get install build-essential" and then it compiled. Not vulnerable. Yay!

Thanks for the warning.

Aside: Maybe you should change the thread title to include "ghost" to make it easier to find in search results? (You can also change your "quote" tags to "code" tags for it to more accurately preserve code formatting in the ghost.c source.)

« Last Edit: January 29, 2015, 01:24:37 AM by Deozaan »

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,768
    • View Profile
    • Donate to Member
Re: ALERT! How to test for GHOST security hole now affecting major distros
« Reply #3 on: January 29, 2015, 06:50:29 AM »
Maybe you should change the thread title to include "ghost" to make it easier to find in search results?

Good idea. Thx. It's done!  :) :Thmbsup:

ewemoa

  • Honorary Member
  • Joined in 2008
  • **
  • Posts: 2,845
    • View Profile
    • Donate to Member
Re: ALERT! How to test for GHOST security hole now affecting major distros
« Reply #4 on: January 31, 2015, 09:25:19 AM »
Thanks for the heads up.



It appears I got lucky this time -- apparently recent versions of NixOS are unaffected (14.04, 14.12), though 13.10 may be vulnerable.
« Last Edit: January 31, 2015, 09:36:58 AM by ewemoa »

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,255
    • View Profile
    • Donate to Member
Re: ALERT! How to test for GHOST security hole now affecting major distros
« Reply #5 on: January 31, 2015, 10:10:33 AM »
I have mixed feelings about this and other high-profile vulnerabilities that have hit Linux recently. I'm really sorry that people are having to deal with these things and so much data on Linux systems world-wide have been at serious risk.

However, there is a part of me that is really enjoying the peacefully quiet void left by all the idiots who use to yell at the top of their lungs about how Linux is the only operating system people should use because it would never, ever be hit with a serous security flaw like Windows has been in the past because of the awesomeness that is open-source software.

People need to realize that all software of any significant size and complexity can have bugs and vulnerabilities because people, even open-source devs, can and will make mistakes. Even the much-vaunted Mac OS X has had some seriously wicked vulnerabilities and security flaws. They just don't get much press because the user base is so small.

40hz

  • Supporting Member
  • Joined in 2007
  • **
  • Posts: 11,768
    • View Profile
    • Donate to Member
Re: ALERT! How to test for GHOST security hole now affecting major distros
« Reply #6 on: January 31, 2015, 01:14:24 PM »
However, there is a part of me that is really enjoying the peacefully quiet void left by all the idiots who use to yell at the top of their lungs about how Linux is the only operating system people should use because it would never, ever be hit with a serous security flaw like Windows has been in the past because of the awesomeness that is open-source software.

The operable word there is "idiots."

Nobody who knows anything about software, particularly operating systems, would ever make such an argument. In fact, the common wisdom for the last several years has been: When Linux reaches enough critical mass to be worth targeting, Linux will be targeted just like any other OS.

The big difference with Linux is how often and quickly issues get identified, publicly acknowledged, and fixed when they come to light.

I haven't seen that anywhere else. And I started back when things like Unix, VAX, VM/CMS and OS/360 were the operating systems that got used.



« Last Edit: January 31, 2015, 03:13:05 PM by 40hz »

Innuendo

  • Charter Member
  • Joined in 2005
  • ***
  • default avatar
  • Posts: 2,255
    • View Profile
    • Donate to Member
Re: ALERT! How to test for GHOST security hole now affecting major distros
« Reply #7 on: February 04, 2015, 10:09:30 PM »
40hz, I agree with every point you made. I'm just enjoying the peace and quiet while the idiots find something else to beat their drums about.