CVE-2015-0235 Ghost glibc Debian Wheezy CentOS 5.11 6.6 gethost security Testing

Thanks to https://gist.github.com/koelling/ef9b2b9d0be6d6dbab63 for a script to test for this vulnerability.

Update: Another option for Debian, at least, is to check ldd –version

[code]ldd –version
ldd (Debian EGLIBC 2.13-38+deb7u7) 2.13[/code]

Check the last digit in the minor release number, ‘deb7u7’ is good, ‘deb7u6’ or less are vulnerable.

First download the file:

[code]wget https://gist.githubusercontent.com/koelling/ef9b2b9d0be6d6dbab63/raw/de1730049198c64eaf8f8ab015a3c8b23b63fd34/gistfile1.c[/code]

If you have a certificate error you may want to use the wget –no-check-certificate option

[code]wget –no-check-certificate https://gist.githubusercontent.com/koelling/ef9b2b9d0be6d6dbab63/raw/de1730049198c64eaf8f8ab015a3c8b23b63fd34/gistfile1.c[/code]

Then run this to check

[code]gcc gistfile1.c -o CVE-2015-0235[/code]

You may get a gcc file not found error

[code]# gcc gistfile1.c -o CVE-2015-0235
-bash: gcc: command not found[/code]

— I am assuming at this time that it means th GNU LibC glibc is not installed and therefore the system is not vulnerable. Similarly the Synology NAS devices that I use are all showing a null result for glibc.

…..but if gcc is available, then use this to show the result:

[code]./CVE-2015-0235[/code]

Either your will be “vulnerable” or “not vulnerable”

and you can follow my adventures in patching Debian and CentOS / CPanel servers for glibc in another post.

Thanks to https://news.ycombinator.com/item?id=8953545 for linking me to this originally.

Leave a Reply

Your email address will not be published. Required fields are marked *