{"id":1161,"date":"2015-01-28T12:39:05","date_gmt":"2015-01-28T01:39:05","guid":{"rendered":"http:\/\/howden.net.au\/thowden\/?p=1161"},"modified":"2015-01-28T12:39:05","modified_gmt":"2015-01-28T01:39:05","slug":"cve-2015-0235-ghost-glibc-debian-wheezy-centos-5-11-6-6-gethost-security-testing","status":"publish","type":"post","link":"https:\/\/howden.net.au\/thowden\/2015\/01\/cve-2015-0235-ghost-glibc-debian-wheezy-centos-5-11-6-6-gethost-security-testing\/","title":{"rendered":"CVE-2015-0235 Ghost glibc Debian Wheezy CentOS 5.11 6.6 gethost security Testing"},"content":{"rendered":"<p>Thanks to <a href=\"https:\/\/gist.github.com\/koelling\/ef9b2b9d0be6d6dbab63\" target=\"_blank\">https:\/\/gist.github.com\/koelling\/ef9b2b9d0be6d6dbab63<\/a> for a script to test for this vulnerability.<\/p>\n<p>Update:  Another option for Debian, at least, is to check ldd &#8211;version<\/p>\n<p>[code]ldd &#8211;version<br \/>\nldd (Debian EGLIBC 2.13-38+deb7u7) 2.13[\/code]<\/p>\n<p>Check the last digit in the minor release number, &#8216;deb7u7&#8217; is good, &#8216;deb7u6&#8217; or less are vulnerable.<\/p>\n<p>First download the file:<\/p>\n<p>[code]wget https:\/\/gist.githubusercontent.com\/koelling\/ef9b2b9d0be6d6dbab63\/raw\/de1730049198c64eaf8f8ab015a3c8b23b63fd34\/gistfile1.c[\/code]<\/p>\n<p>If you have a certificate error you may want to use the wget &#8211;no-check-certificate option<\/p>\n<p>[code]wget &#8211;no-check-certificate https:\/\/gist.githubusercontent.com\/koelling\/ef9b2b9d0be6d6dbab63\/raw\/de1730049198c64eaf8f8ab015a3c8b23b63fd34\/gistfile1.c[\/code]<\/p>\n<p>Then run this to check<\/p>\n<p>[code]gcc gistfile1.c -o CVE-2015-0235[\/code]<\/p>\n<p>You may get a gcc file not found error<\/p>\n<p>[code]# gcc gistfile1.c -o CVE-2015-0235<br \/>\n-bash: gcc: command not found[\/code]<\/p>\n<p>&#8212; I am assuming at this time that it means th GNU LibC glibc is not installed and therefore the system is not vulnerable. Similarly the Synology NAS devices that I use are all showing a null result for glibc.<\/p>\n<p>&#8230;..but if gcc is available, then use this to show the result:<\/p>\n<p>[code].\/CVE-2015-0235[\/code]<\/p>\n<p>Either your will be &#8220;vulnerable&#8221; or &#8220;not vulnerable&#8221;<\/p>\n<p>and you can follow my adventures in <a href=\"http:\/\/howden.net.au\/thowden\/2015\/01\/cve-2015-0235-ghost-glibc-debian-wheezy-centos-5-11-6-6-gethost-security-issue\/\" target=\"_blank\">patching Debian and CentOS \/ CPanel servers for glibc<\/a> in another post.<\/p>\n<p>Thanks to <a href=\"https:\/\/news.ycombinator.com\/item?id=8953545\" target=\"_blank\">https:\/\/news.ycombinator.com\/item?id=8953545<\/a> for linking me to this originally.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Thanks to https:\/\/gist.github.com\/koelling\/ef9b2b9d0be6d6dbab63 for a script to test for this vulnerability. Update: Another option for Debian, at least, is to check ldd &#8211;version [code]ldd &#8211;version ldd (Debian EGLIBC 2.13-38+deb7u7) 2.13[\/code] Check the last digit in the minor release number, &#8216;deb7u7&#8217; is good, &#8216;deb7u6&#8217; or less are vulnerable. First download the file: [code]wget https:\/\/gist.githubusercontent.com\/koelling\/ef9b2b9d0be6d6dbab63\/raw\/de1730049198c64eaf8f8ab015a3c8b23b63fd34\/gistfile1.c[\/code] If you [&hellip;]<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[14],"tags":[],"class_list":["post-1161","post","type-post","status-publish","format-standard","hentry","category-security"],"_links":{"self":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts\/1161","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/comments?post=1161"}],"version-history":[{"count":0,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/posts\/1161\/revisions"}],"wp:attachment":[{"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/media?parent=1161"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/categories?post=1161"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/howden.net.au\/thowden\/wp-json\/wp\/v2\/tags?post=1161"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}