A buffer overflow vulnerability has been disclosed in the gethostbyname function of the GNU glibc standard library on Linux, tracked as CVE-2015-0235. An attacker can use the gethostbyname functions to achieve remote code execution and gain control of the server and shell access. The vulnerability can be triggered through many paths and affects a wide range of systems, so please take note and apply a temporary fix promptly. We will follow up by updating the images with the fix as soon as possible.
First, the vulnerability release date: January 27, 2015.
Second, software and systems confirmed to be successfully exploitable: glibc 2.2 to 2.17 (including versions 2.2 and 2.17).
Third, the vulnerability description: a buffer overflow vulnerability has been disclosed in the gethostbyname function of the GNU glibc standard library, vulnerability ID CVE-2015-0235. glibc is the C library that provides system calls and basic functions such as open, malloc, printf, and so on. All dynamically linked programs use glibc. A remote attacker could exploit this vulnerability to execute arbitrary code and elevate the privileges of the user running the application.
Fourth, the vulnerability detection method. Please run the check yourself:
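```
[test]$ cat > GHOST.c << EOF
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

/* Sentinel placed directly after the buffer; any fixed string works. */
#define CANARY "in_the_coal_mine"

struct {
  char buffer[1024];
  char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

int main(void) {
  struct hostent resbuf;
  struct hostent *result;
  int herrno;
  int retval;

  /* strlen(name) = size_needed - sizeof(*host_addr) - sizeof(*h_addr_ptrs) - 1; */
  size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
  char name[sizeof(temp.buffer)];
  /* An all-digit name of exactly this length fills the buffer to its limit. */
  memset(name, '0', len);
  name[len] = '\0';

  retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);

  /* A changed canary means glibc wrote past the end of temp.buffer. */
  if (strcmp(temp.canary, CANARY) != 0) {
    puts("vulnerable");
    exit(EXIT_SUCCESS);
  }
  /* A fixed glibc reports that the buffer is too small instead. */
  if (retval == ERANGE) {
    puts("not vulnerable");
    exit(EXIT_SUCCESS);
  }
  puts("should not happen");
  exit(EXIT_FAILURE);
}
EOF
[test]$ gcc GHOST.c -o GHOST
[test]$ ./GHOST
vulnerable
```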
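A quick pre-check against the affected range listed above (glibc 2.2 to 2.17), as an added example that is not part of the original advisory. The function names are hypothetical; `getconf GNU_LIBC_VERSION` is the standard glibc query and is assumed to be available on the host.

```shell
#!/bin/sh
# Added example (not from the advisory): classify a glibc version string
# against the range the advisory lists as affected, 2.2 through 2.17 inclusive.

# Returns 0 if inside the range, 1 if outside, 2 if the string is unparseable.
glibc_in_ghost_range() {
    v=$1
    major=${v%%.*}
    rest=${v#*.}
    [ "$rest" != "$v" ] || return 2          # no dot: not major.minor
    minor=${rest%%.*}                        # drop any patch level (2.12.1)
    minor=${minor%%[!0-9]*}                  # drop vendor suffixes (17-2014)
    case "$major" in ''|*[!0-9]*) return 2 ;; esac
    case "$minor" in ''|*[!0-9]*) return 2 ;; esac
    # Compare the fields as integers. Read as decimals, 2.17 < 2.2 and
    # 2.20 == 2.2, so a floating-point comparison misclassifies both.
    [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -le 17 ]
}

# Report for the running system; getconf prints e.g. "glibc 2.17".
report_local_glibc() {
    out=$(getconf GNU_LIBC_VERSION 2>/dev/null) || {
        echo "glibc version not available on this host"
        return 0
    }
    ver=${out#glibc }
    rc=0
    glibc_in_ghost_range "$ver" || rc=$?
    case $rc in
        0) echo "glibc $ver: inside the listed range, run the GHOST.c test" ;;
        1) echo "glibc $ver: outside the listed range" ;;
        *) echo "glibc $ver: could not parse version" ;;
    esac
}

report_local_glibc
```

Distribution packages can carry the fix without changing the upstream version number, so a version inside the range is a reason to run the GHOST.c test, not a verdict on its own.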