Welcome, Guest. Please login or register.
Did you miss your activation email?
Friday 13 December 2024, 04:37:48 pm

Login with username, password and session length

The Latest Endian Firewall is now available for download HERE
14261 Posts in 4377 Topics by 6517 Members
Latest Member: Sandro
Search:     Advanced search
+  EFW Support
|-+  Support
| |-+  General Support
| | |-+  GHOST glibc vulnerability
0 Members and 1 Guest are viewing this topic. « previous next »
Pages: [1] Go Down Print
Author Topic: GHOST glibc vulnerability  (Read 23237 times)
pwm
Jr. Member
*
Offline Offline

Posts: 2


« on: Friday 30 January 2015, 02:20:11 pm »

Hi,
 Is Endian 2.5 / 3.0 version has the GHOST glibc vulnerability? Any patch we can update?

Thanks
Logged
raxor
Jr. Member
*
Offline Offline

Posts: 4


« Reply #1 on: Friday 30 January 2015, 07:43:10 pm »

Yep it's vulnerable.

Community 2.52 at least

Code:
root@FIREWALL_EFW:/tmp # bash GHOST-test.sh
Installed glibc version(s)
- glibc-2.3.4-2.41.endian9.i386: vulnerable

i don't know how to fix or  any other workaround.

Any advice are welcome.



Logged
zeramos
Jr. Member
*
Offline Offline

Posts: 1


« Reply #2 on: Tuesday 03 February 2015, 12:07:56 am »

Hello , I find nothing on this subject in endian communities, found some information?

TY!
Logged
boergnet
Full Member
***
Offline Offline

Posts: 16


« Reply #3 on: Friday 06 February 2015, 08:44:01 am »

Hello to everyone.
I can confirm that my Community 3.0.0  is vulnerable
There might be a fix for this like there was a fix in this forum for shellshock from the Oracle repository.
Maybe someone could download the latest glibc rpm from 29-Jan-2015 17:04 and test it with:
Code:
rpm –Uvh glibc-2.3.4-2.57.0.1.el4.1.src.rpm.
We only have a production machine here so I am not willing to do this.
But if you have an Endian test Box please let me know if it is doing any good or not.
As I said, no guarantee that it is working at all, or breaking the whole machine.
Logged
tech01
Jr. Member
*
Offline Offline

Posts: 1


« Reply #4 on: Wednesday 18 March 2015, 03:07:06 am »

I attempted the rpm -Uvh glibc-2.3.4-2.57.0.1.el4.1.src.rpm and got some errors.

warning: glibc-2.3.4-2.57.0.1.el4.1.src.rpm: Header V3 DSA signature: NOKEY, key ID b38a8516
error: cannot create %sourcedir /usr/src/redhat/SOURCES

It seems /usr/src/redhat/SOURCES doesn't exist under EFW.  Is there another way to apply the patch? 
Logged
hadexx
Full Member
***
Offline Offline

Posts: 10


« Reply #5 on: Friday 20 March 2015, 07:15:37 am »

Hi,
 Is Endian 2.5 / 3.0 version has the GHOST glibc vulnerability? Any patch we can update?

Thanks

Hi,

you can read "https:**access.redhat.com*articles*1332213*" an execute tool (you need a count on red hat)
(replace the * for /)

or maybe
create a sh file

"#!/bin/bash

echo "Installed glibc version(s)"

rv=0
for glibc_nvr in $( rpm -q --qf '%{name}-%{version}-%{release}.%{arch}\n' glibc ); do
    glibc_ver=$( echo "$glibc_nvr" | awk -F- '{ print $2 }' )
    glibc_maj=$( echo "$glibc_ver" | awk -F. '{ print $1 }')
    glibc_min=$( echo "$glibc_ver" | awk -F. '{ print $2 }')
    
    echo -n "- $glibc_nvr: "
    if [ "$glibc_maj" -gt 2   -o  \
        \( "$glibc_maj" -eq 2  -a  "$glibc_min" -ge 18 \) ]; then
        # fixed upstream version
        echo 'not vulnerable'
    else
        # all RHEL updates include CVE in rpm %changelog
        if rpm -q --changelog "$glibc_nvr" | grep -q 'CVE-2015-0235'; then
            echo "not vulnerable"
        else
            echo "vulnerable"
            rv=1
        fi
    fi
done

if [ $rv -ne 0 ]; then
    cat <<EOF

This system is vulnerable to CVE-2015-0235.
Please refer to redhat.com/articles/1332213 for remediation steps
EOF
fi

exit $rv"

copy in root
execute

$ chmod +x GHOST-test.sh
$ ./GHOST-test.sh

If the target is vulnerable, you will see output similar to:

This system is vulnerable to CVE-2015-0235
Please refer to 'access.redhat.com/articles/1332213' for more information

If the target is not vulnerable, you will see output similar to:

Not vulnerable.
Logged
hadexx
Full Member
***
Offline Offline

Posts: 10


« Reply #6 on: Saturday 21 March 2015, 08:29:21 am »

maybe you can try

h**p://serverfault.com/questions/663385/no-success-when-trying-to-upgrade-glibc-on-rhel4-due-to-ghost


or execute that

For both (i386 and X86_64) systems do:

mkdir glibc2015
cd glibc2015

For i386 system do (Note, I had to replace h**p with h**p to avoid spam filters here.) :

smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i686.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-common-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-devel-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-headers-2.3.4-2.57.0.1.el4.1.i386.rpm

For X86_64 system do:

smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i686.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-common-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-common-2.3.4-2.57.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-devel-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-headers-2.3.4-2.57.0.1.el4.1.x86_64.rpm


rpm -Uvh glibc*rpm

rpm -Uvh glibc*rpm --nodeps

smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i686.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-common-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-devel-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-headers-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-profile-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-utils-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/nscd-2.3.4-2.57.0.1.el4.1.i386.rpm

sudo rpm -Fvh *.rpm

For 64 bit:

smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i686.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-common-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-devel-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-headers-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-profile-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-utils-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/nscd-2.3.4-2.57.0.1.el4.1.x86_64.rpm

sudo rpm -Fvh *.rpm


Afterwards, restart any running services that use glibc. You can get a list of these by running lsof | grep libc | awk '{print $1}' | sort | uniq. Depending on your situation, it's probably easier to simply restart the whole server.

Logged
boergnet
Full Member
***
Offline Offline

Posts: 16


« Reply #7 on: Thursday 09 April 2015, 02:26:51 am »

Hi,

When I tried that workaround with the smart install from the Oracle repository I got the following ERROR:

        package glibc-common-2.3.4-2.41.endian10.i386 (which is newer than glibc-common-2.3.4-2.57.0.1.el4.1.i386) is already installed
        package glibc-2.3.4-2.41.endian10.i386 (which is newer than glibc-2.3.4-2.57.0.1.el4.1.i386) is already installed

Result: It doesn't let me  install the new glibc and still uses the old one.
Using community 3.0 Still vulnerable ...

Anybody has an idea?

Thanks
Logged
Pages: [1] Go Up Print 
« previous next »
Jump to:  

Page created in 0.152 seconds with 19 queries.
Powered by SMF 1.1 RC2 | SMF © 2001-2005, Lewis Media Design by 7dana.com