Thanks to https://gist.github.com/koelling/ef9b2b9d0be6d6dbab63 for a script to test for this vulnerability.
Update: Another option, for Debian at least, is to check ldd --version:
ldd --version
ldd (Debian EGLIBC 2.13-38+deb7u7) 2.13
Check the last digit in the minor release number: ‘deb7u7’ is good; ‘deb7u6’ or less is vulnerable.
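The ldd rule above can be scripted for hosts where no compiler is installed. This is an added example, not part of the original post or the linked gist; the function names are hypothetical, the sample strings are constructed, and the rule only covers Debian 7 version strings carrying a +deb7uN suffix.

```shell
#!/bin/sh
# Added example: classify a Debian 7 eglibc build for CVE-2015-0235 using
# the rule stated above (deb7u7 is good, deb7u6 or less is vulnerable).
# Function names are hypothetical; sample strings are constructed.

# Print the N of a "+deb7uN" suffix, or nothing when the suffix is absent.
deb7_update() {
    printf '%s\n' "$1" | sed -n 's/.*+deb7u\([0-9][0-9]*\).*/\1/p'
}

# Classify one version string, e.g. the first line of `ldd --version`.
# The comparison is numeric, so a two-digit update such as deb7u10 is
# not mistaken for something older than deb7u7.
classify_eglibc() {
    n=$(deb7_update "$1")
    if [ -z "$n" ]; then
        echo "unknown"          # not a Debian 7 string; the rule does not apply
    elif [ "$n" -ge 7 ]; then
        echo "not vulnerable"
    else
        echo "vulnerable"
    fi
}

# Check the local system; needs ldd but not gcc.
check_local() {
    line=$(ldd --version 2>/dev/null | head -n 1)
    printf '%s -> %s\n' "${line:-ldd not found}" "$(classify_eglibc "$line")"
}

if [ "${1:-}" = "--local" ]; then
    check_local
fi

# Constructed sample inputs so the script shows its behaviour offline.
for sample in \
    "ldd (Debian EGLIBC 2.13-38+deb7u7) 2.13" \
    "ldd (Debian EGLIBC 2.13-38+deb7u6) 2.13" \
    "ldd (GNU libc) 2.17"
do
    printf '%s -> %s\n' "$sample" "$(classify_eglibc "$sample")"
done
```

Run it with --local to classify the machine it is on; an "unknown" result means the version string is not a Debian 7 one and has to be checked another way.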
First download the file:
If you get a certificate error you may want to use the wget --no-check-certificate option (this skips TLS certificate verification, so read the downloaded source before compiling it):
wget --no-check-certificate https://gist.githubusercontent.com/koelling/ef9b2b9d0be6d6dbab63/raw/de1730049198c64eaf8f8ab015a3c8b23b63fd34/gistfile1.c
Then run this to check
gcc gistfile1.c -o CVE-2015-0235
You may get a gcc file not found error
# gcc gistfile1.c -o CVE-2015-0235
-bash: gcc: command not found
— I am assuming at this time that it means the GNU LibC glibc is not installed and therefore the system is not vulnerable. Similarly the Synology NAS devices that I use are all showing a null result for glibc.
But if gcc is available, then use this to show the result:
The result will be either “vulnerable” or “not vulnerable”.
You can follow my adventures in patching Debian and CentOS / CPanel servers for glibc in another post.
Thanks to https://news.ycombinator.com/item?id=8953545 for linking me to this originally.