GHOST: glibc gethostbyname buffer overflow
-
A major security vulnerability was released for glibc today
-
Oh man, glibc is pretty ubiquitous.
-
I suspect that this will be patched in no time, though. A lot of eyes on glibc.
-
Red Hat seems like they have it patched for only 5! Still checking on possible patches but more worried about breaking something!
-
@ambarishrh said:
Red Hat seems like they have it patched for only 5! Still checking on possible patches but more worried about breaking something!
They are likely going version by version.
-
Hope to get it for version 6 as well. In the meantime I got Lynis Enterprise for our servers! Currently working on installing it on all servers and doing a complete audit, just to make sure nothing slipped off.
-
cPanel has posted the following article regarding this vulnerability.
http://documentation.cpanel.net/display/CKB/CVE-2015-0235+GHOST
You can check if your server is affected by running the following command. If this was patched it should show a line in the output which indicates it was patched.
rpm -q --changelog glibc | grep CVE-2015-0235
The fix mentioned is to do a yum upgrade, which updates glibc, but it doesn't seem like CentOS has this yet.
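A scripted form of the changelog check in the post above, as an added example that is not from the original posts or from cPanel's article. It goes one step beyond the post: after glibc is upgraded, processes started earlier keep the old library mapped until they are restarted, so it also lists those. Function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names and sample data are constructed, not from the thread.
CVE="CVE-2015-0235"

# Constructed changelog excerpts (not real package changelogs).
SAMPLE_PATCHED='* Tue Jan 27 2015 Example Packager <pkg@example.com>
- Constructed entry: fix gethostbyname buffer overflow (CVE-2015-0235)'
SAMPLE_UNPATCHED='* Mon Dec 01 2014 Example Packager <pkg@example.com>
- Constructed entry: unrelated locale fix'

# Constructed /proc/<pid>/maps lines: old libc replaced on disk vs. still current.
SAMPLE_STALE_MAP='7f00a0000000-7f00a018a000 r-xp 00000000 fd:01 1234 /lib64/libc-2.12.so (deleted)'
SAMPLE_LIVE_MAP='7f00a0000000-7f00a018a000 r-xp 00000000 fd:01 5678 /lib64/libc-2.12.so'

# Read a package changelog on stdin; print "patched" if it cites the CVE.
changelog_status() {
    if grep -q -- "$CVE"; then
        echo patched
    else
        echo unpatched
    fi
}

# Read maps-format text on stdin; succeed if a libc mapping is marked
# "(deleted)", meaning the process still runs the pre-upgrade library.
uses_deleted_libc() {
    grep -Eq '/libc-[0-9.]+\.so[^ ]* \(deleted\)'
}

# Live check for an RPM-based host: package status, then stale processes.
check_host() {
    if command -v rpm >/dev/null 2>&1; then
        echo "glibc package: $(rpm -q --changelog glibc | changelog_status)"
    fi
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue          # skip processes we cannot inspect
        if uses_deleted_libc < "$maps"; then
            pid=${maps#/proc/}; pid=${pid%/maps}
            echo "restart needed: pid $pid ($(cat "/proc/$pid/comm" 2>/dev/null))"
        fi
    done
}

# Run against the real host only when asked, e.g.: sh ghost_check.sh --host
if [ "${1:-}" = "--host" ]; then
    check_host
fi
```

Run it as root so every process's maps file is readable; unreadable ones are skipped silently.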
-
Looks like the scope of affected apps may be smaller than originally anticipated:
-
Good deal.
-
PHP and WordPress found to be vulnerable.
http://threatpost.com/php-applications-wordpress-subject-to-ghost-glibc-vulnerability/110755
-
@Reid-Cooper wonderful