EFW Support

Support => General Support => Topic started by: pwm on Friday 30 January 2015, 02:20:11 pm



Title: GHOST glibc vulnerability
Post by: pwm on Friday 30 January 2015, 02:20:11 pm
Hi,
 Does the Endian 2.5 / 3.0 version have the GHOST glibc vulnerability? Is there any patch we can update to?

Thanks


Title: Re: GHOST glibc vulnerability
Post by: raxor on Friday 30 January 2015, 07:43:10 pm
Yep it's vulnerable.

Community 2.52 at least

Code:
root@FIREWALL_EFW:/tmp # bash GHOST-test.sh
Installed glibc version(s)
- glibc-2.3.4-2.41.endian9.i386: vulnerable

I don't know how to fix it, or of any other workaround.

Any advice is welcome.





Title: Re: GHOST glibc vulnerability
Post by: zeramos on Tuesday 03 February 2015, 12:07:56 am
Hello, I can find nothing on this subject in the Endian communities. Has anyone found some information?

TY!


Title: Re: GHOST glibc vulnerability
Post by: boergnet on Friday 06 February 2015, 08:44:01 am
Hello to everyone.
I can confirm that my Community 3.0.0 is vulnerable.
There might be a fix for this like there was a fix in this forum for shellshock from the Oracle repository.
Maybe someone could download the latest glibc rpm from 29-Jan-2015 17:04 and test it with:
Code:
rpm -Uvh glibc-2.3.4-2.57.0.1.el4.1.src.rpm
We only have a production machine here so I am not willing to do this.
But if you have an Endian test Box please let me know if it is doing any good or not.
As I said, no guarantee that it is working at all, or breaking the whole machine.


Title: Re: GHOST glibc vulnerability
Post by: tech01 on Wednesday 18 March 2015, 03:07:06 am
I attempted the rpm -Uvh glibc-2.3.4-2.57.0.1.el4.1.src.rpm and got some errors.

warning: glibc-2.3.4-2.57.0.1.el4.1.src.rpm: Header V3 DSA signature: NOKEY, key ID b38a8516
error: cannot create %sourcedir /usr/src/redhat/SOURCES

It seems /usr/src/redhat/SOURCES doesn't exist under EFW.  Is there another way to apply the patch? 


Title: Re: GHOST glibc vulnerability
Post by: hadexx on Friday 20 March 2015, 07:15:37 am
Hi,

You can read "https:**access.redhat.com*articles*1332213*" and execute the tool (you need an account on Red Hat)
(replace the * with /)

or maybe
create an sh file

#!/bin/bash

echo "Installed glibc version(s)"

rv=0
# Check every installed glibc package (name-version-release.arch)
for glibc_nvr in $( rpm -q --qf '%{name}-%{version}-%{release}.%{arch}\n' glibc ); do
    # Split the upstream version into major and minor numbers
    glibc_ver=$( echo "$glibc_nvr" | awk -F- '{ print $2 }' )
    glibc_maj=$( echo "$glibc_ver" | awk -F. '{ print $1 }')
    glibc_min=$( echo "$glibc_ver" | awk -F. '{ print $2 }')

    echo -n "- $glibc_nvr: "
    if [ "$glibc_maj" -gt 2   -o  \
        \( "$glibc_maj" -eq 2  -a  "$glibc_min" -ge 18 \) ]; then
        # fixed upstream version
        echo 'not vulnerable'
    else
        # all RHEL updates include CVE in rpm %changelog
        if rpm -q --changelog "$glibc_nvr" | grep -q 'CVE-2015-0235'; then
            echo "not vulnerable"
        else
            echo "vulnerable"
            rv=1
        fi
    fi
done

# Print the summary only when at least one package is vulnerable
if [ "$rv" -ne 0 ]; then
    cat <<EOF

This system is vulnerable to CVE-2015-0235.
Please refer to redhat.com/articles/1332213 for remediation steps
EOF
fi

# Exit status is 1 if any installed glibc is vulnerable, 0 otherwise
exit $rv

Copy it into root and execute it:

$ chmod +x GHOST-test.sh
$ ./GHOST-test.sh

If the target is vulnerable, you will see output similar to:

This system is vulnerable to CVE-2015-0235
Please refer to 'access.redhat.com/articles/1332213' for more information

If the target is not vulnerable, you will see output similar to:

Not vulnerable.


Title: Re: GHOST glibc vulnerability
Post by: hadexx on Saturday 21 March 2015, 08:29:21 am
Maybe you can try:

h**p://serverfault.com/questions/663385/no-success-when-trying-to-upgrade-glibc-on-rhel4-due-to-ghost


or execute this:

For both (i386 and X86_64) systems do:

mkdir glibc2015
cd glibc2015

For i386 system do (Note: I had to replace http with h**p to avoid spam filters here.):

smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i686.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-common-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-devel-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-headers-2.3.4-2.57.0.1.el4.1.i386.rpm

For X86_64 system do:

smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i686.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-common-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-common-2.3.4-2.57.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-devel-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-headers-2.3.4-2.57.0.1.el4.1.x86_64.rpm


rpm -Uvh glibc*rpm

rpm -Uvh glibc*rpm --nodeps

smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i686.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-common-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-devel-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-headers-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-profile-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/glibc-utils-2.3.4-2.57.0.1.el4.1.i386.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/i386/getPackage/nscd-2.3.4-2.57.0.1.el4.1.i386.rpm

sudo rpm -Fvh *.rpm

For 64 bit:

smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-2.3.4-2.57.0.1.el4.1.i686.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-common-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-devel-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-headers-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-profile-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/glibc-utils-2.3.4-2.57.0.1.el4.1.x86_64.rpm
smart install h**p://public-yum.oracle.com/repo/EnterpriseLinux/EL4/latest/x86_64/getPackage/nscd-2.3.4-2.57.0.1.el4.1.x86_64.rpm

sudo rpm -Fvh *.rpm


Afterwards, restart any running services that use glibc. You can get a list of these by running lsof | grep libc | awk '{print $1}' | sort | uniq. Depending on your situation, it's probably easier to simply restart the whole server.
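
As an added example that is not part of the original post: a narrower take on the restart check above, which reads /proc/<pid>/maps and reports only the processes that still map a libc file the upgrade replaced on disk (shown as "(deleted)"). The function names, the optional proc-root argument and the sample process data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): after a glibc upgrade, report only the
# processes that still execute the old, replaced libc.

# True if a /proc/<pid>/maps file has an executable mapping of a deleted libc.
# maps fields: address perms offset dev inode path ["(deleted)"]
maps_has_stale_libc() {
    awk '$2 ~ /x/ && $6 ~ "/libc[-.][^/]*$" && $NF == "(deleted)" { found = 1 }
         END { exit !found }' "$1" 2>/dev/null
}

# Print "pid name" for each process under the proc root (default /proc;
# the argument is an assumption added so the scan can run on sample data).
stale_libc_procs() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        maps_has_stale_libc "$dir/maps" || continue
        name=$(awk '$1 == "Name:" { print $2; exit }' "$dir/status" 2>/dev/null)
        printf '%s %s\n' "${dir##*/}" "${name:-unknown}"
    done
    return 0
}

# Constructed sample: pid 101 started before the upgrade, pid 202 after it.
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir "$root/101" "$root/202"
    printf 'Name:\tsshd\n' > "$root/101/status"
    printf 'Name:\tsquid\n' > "$root/202/status"
    cat > "$root/101/maps" <<'EOF'
08048000-0809c000 r-xp 00000000 08:01 1201 /usr/sbin/sshd
00a3f000-00b64000 r-xp 00000000 08:01 3302 /lib/tls/libc-2.3.4.so (deleted)
00b64000-00b67000 rw-p 00125000 08:01 3302 /lib/tls/libc-2.3.4.so (deleted)
EOF
    cat > "$root/202/maps" <<'EOF'
08048000-08120000 r-xp 00000000 08:01 1450 /usr/sbin/squid
00a3f000-00b64000 r-xp 00000000 08:01 4417 /lib/tls/libc-2.3.4.so
bfe00000-bfe15000 rw-p bfe00000 00:00 0
EOF
    echo "$root"
}

sample=$(make_sample_proc) && stale_libc_procs "$sample"   # prints: 101 sshd
rm -rf "$sample"
```

On the firewall itself, run `stale_libc_procs` with no argument as root; an empty result means no running process still maps the replaced library.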



Title: Re: GHOST glibc vulnerability
Post by: boergnet on Thursday 09 April 2015, 02:26:51 am
Hi,

When I tried that workaround with the smart install from the Oracle repository I got the following ERROR:

        package glibc-common-2.3.4-2.41.endian10.i386 (which is newer than glibc-common-2.3.4-2.57.0.1.el4.1.i386) is already installed
        package glibc-2.3.4-2.41.endian10.i386 (which is newer than glibc-2.3.4-2.57.0.1.el4.1.i386) is already installed

Result: It doesn't let me install the new glibc and still uses the old one.
I am using Community 3.0 and it is still vulnerable ...

Does anybody have an idea?

Thanks