GHOST glibc vulnerability

[Guest]

[pwm]

Hi,
 Is Endian 2.5 / 3.0 version has the GHOST glibc vulnerability? Any patch we can update?

Thanks

[raxor]

Yep it's vulnerable.

Community 2.52 at least

Code:

root@FIREWALL_EFW:/tmp # bash GHOST-test.sh
Installed glibc version(s)
- glibc-2.3.4-2.41.endian9.i386: vulnerable

i don't know how to fix or  any other workaround.

Any advice are welcome.

[zeramos]

Hello , I find nothing on this subject in endian communities, found some information?

TY!

[boergnet]

Hello to everyone.
I can confirm that my Community 3.0.0  is vulnerable
There might be a fix for this like there was a fix in this forum for shellshock from the Oracle repository.
Maybe someone could download the latest glibc rpm from 29-Jan-2015 17:04 and test it with:

Code:

rpm –Uvh glibc-2.3.4-2.57.0.1.el4.1.src.rpm.

We only have a production machine here so I am not willing to do this.
But if you have an Endian test Box please let me know if it is doing any good or not.
As I said, no guarantee that it is working at all, or breaking the whole machine.

[tech01]

I attempted the rpm -Uvh glibc-2.3.4-2.57.0.1.el4.1.src.rpm and got some errors.

warning: glibc-2.3.4-2.57.0.1.el4.1.src.rpm: Header V3 DSA signature: NOKEY, key ID b38a8516
error: cannot create %sourcedir /usr/src/redhat/SOURCES

It seems /usr/src/redhat/SOURCES doesn't exist under EFW.  Is there another way to apply the patch? 

[hadexx]

Hi,
 Is Endian 2.5 / 3.0 version has the GHOST glibc vulnerability? Any patch we can update?

Thanks

Hi,

you can read "https:**access.redhat.com*articles*1332213*" an execute tool (you need a count on red hat)
(replace the * for /)

or maybe
create a sh file

"#!/bin/bash

echo "Installed glibc version(s)"

rv=0
for glibc_nvr in $( rpm -q --qf '%{name}-%{version}-%{release}.%{arch}\n' glibc ); do
    glibc_ver=$( echo "$glibc_nvr" | awk -F- '{ print $2 }' )
    glibc_maj=$( echo "$glibc_ver" | awk -F. '{ print $1 }')
    glibc_min=$( echo "$glibc_ver" | awk -F. '{ print $2 }')
    
    echo -n "- $glibc_nvr: "
    if [ "$glibc_maj" -gt 2   -o  \
        \( "$glibc_maj" -eq 2  -a  "$glibc_min" -ge 18 \) ]; then
        # fixed upstream version
        echo 'not vulnerable'
    else
        # all RHEL updates include CVE in rpm %changelog
        if rpm -q --changelog "$glibc_nvr" | grep -q 'CVE-2015-0235'; then
            echo "not vulnerable"
        else
            echo "vulnerable"
            rv=1
        fi
    fi
done

if [ $rv -ne 0 ]; then
    cat <<EOF

This system is vulnerable to CVE-2015-0235.
Please refer to redhat.com/articles/1332213 for remediation steps
EOF
fi

exit $rv"

copy in root
execute

$ chmod +x GHOST-test.sh
$ ./GHOST-test.sh

If the target is vulnerable, you will see output similar to:

This system is vulnerable to CVE-2015-0235
Please refer to 'access.redhat.com/articles/1332213' for more information

If the target is not vulnerable, you will see output similar to:

Not vulnerable.

[hadexx]

maybe you can try

h**p://serverfault.com/questions/663385/no-success-when-trying-to-upgrade-glibc-on-rhel4-due-to-ghost


or execute that

For both (i386 and X86_64) systems do:

mkdir glibc2015
cd glibc2015

For i386 system do (Note, I had to replace h**p with h**p to avoid spam filters here.) :

smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i686.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-common-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-devel-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-headers-2.3.4-2.57.0.1.el4.1.i386.rpm

For X86_64 system do:

smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i686.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-common-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-common-2.3.4-2.57.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-devel-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-headers-2.3.4-2.57.0.1.el4.1.x86_64.rpm


rpm -Uvh glibc*rpm

rpm -Uvh glibc*rpm --nodeps

smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i686.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-common-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-devel-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-headers-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-profile-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-utils-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/nscd-2.3.4-2.57.0.1.el4.1.i386.rpm

sudo rpm -Fvh *.rpm

For 64 bit:

smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i686.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-common-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-devel-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-headers-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-profile-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-utils-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/nscd-2.3.4-2.57.0.1.el4.1.x86_64.rpm

sudo rpm -Fvh *.rpm


Afterwards, restart any running services that use glibc. You can get a list of these by running lsof | grep libc | awk '{print $1}' | sort | uniq. Depending on your situation, it's probably easier to simply restart the whole server.

[boergnet]

Hi,

When I tried that workaround with the smart install from the Oracle repository I got the following ERROR:

        package glibc-common-2.3.4-2.41.endian10.i386 (which is newer than glibc-common-2.3.4-2.57.0.1.el4.1.i386) is already installed
        package glibc-2.3.4-2.41.endian10.i386 (which is newer than glibc-2.3.4-2.57.0.1.el4.1.i386) is already installed

Result: It doesn't let me  install the new glibc and still uses the old one.
Using community 3.0 Still vulnerable ...

Anybody has an idea?

Thanks