GHOST vulnerability – important security alert for Linux servers

A vulnerability in all versions of the GNU C library (glibc) was announced by Qualys. The issue is a buffer overflow during DNS hostname resolution. Disclosure of this issue was coordinated with the various operating system vendors and key partners, and patches were made available by Red Hat soon after the initial announcement went out.

Impact

According to Qualys, a leading cloud security and compliance provider, this vulnerability allows unauthenticated remote code execution in any daemon or service that performs hostname lookups using the vulnerable functions in the GNU C library. This library is at the core of most services and software that run on Linux systems.

Qualys has successfully used this vulnerability to attack the Exim mail transport agent that all cPanel & WHM systems use. Qualys was also able to create a Metasploit module that makes testing and exploitation of the vulnerability very simple. Presently, Qualys has not released any attack code, only a detailed analysis of the vulnerability and its impact.

How to determine if your server is vulnerable

The updated RPMs provided by Red Hat, CentOS, and CloudLinux will contain a changelog entry with the CVE number. You can check for this changelog entry with the following command:

rpm -q --changelog glibc | grep CVE-2015-0235

If a changelog line is displayed, the server has the updated RPMs installed.

How to patch a vulnerable server

Please note that cPanel does not provide the glibc RPM; it is provided by the vendor of your operating system.

To patch your server, simply run the following command:

yum clean all ; yum update glibc

Then, to verify:

rpm -q --changelog glibc | grep CVE-2015-0235

Once this has been done, you will need to reboot the server or manually restart all running services, as RHEL-based systems do not restart running daemons when libc is updated. Please feel free to submit a ticket to us if you are unsure how to do this; our friendly support team would be more than happy to assist you as needed.
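
If you restart services by hand rather than rebooting, you can check which processes still need it. The script below is an added example, not part of the original alert or any vendor tooling: it lists processes that still map the old, now-deleted libc. The function names, the --scan argument and the sample /proc tree are constructed for illustration.

```shell
#!/bin/sh
# Added example: list processes that still map the pre-update glibc.
# Once yum replaces the library, the old file is unlinked, so /proc/PID/maps
# shows it with a " (deleted)" suffix until the process is restarted.

# True if the maps-format file $1 references an unlinked libc.
maps_has_stale_libc() {
    grep -Eq '/libc(-[0-9.]+\.so|\.so\.6)[^/ ]* \(deleted\)$' "$1" 2>/dev/null
}

# Print "PID NAME" for every process under $1 (default /proc) needing a restart.
list_stale_procs() {
    for dir in "${1:-/proc}"/[0-9]*; do
        maps_has_stale_libc "$dir/maps" || continue
        printf '%s %s\n' "${dir##*/}" "$(cat "$dir/comm" 2>/dev/null)"
    done
}

# Constructed sample: a fake /proc tree with one stale and one current process.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202"
    echo exim > "$1/101/comm"
    echo sshd > "$1/202/comm"
    cat > "$1/101/maps" <<'EOF'
7f3a1c000000-7f3a1c18a000 r-xp 00000000 fd:00 131099 /lib64/libc-2.12.so (deleted)
7f3a1c5a0000-7f3a1c5c0000 r-xp 00000000 fd:00 131093 /lib64/ld-2.12.so (deleted)
EOF
    cat > "$1/202/maps" <<'EOF'
7f9b44000000-7f9b4418a000 r-xp 00000000 fd:00 140211 /lib64/libc-2.12.so
7f9b44800000-7f9b44810000 r-xp 00000000 fd:00 140300 /usr/lib64/libcrypto.so.10 (deleted)
EOF
}

# Scan the live system (run as root to see every process): sh thisfile --scan
case "${1:-}" in
    --scan) list_stale_procs /proc ;;
esac
```

An empty result from the live scan means no running process still holds the old library; any PID it prints belongs to a service that must be restarted before the patch takes effect for it.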
