GHOST: glibc vulnerability (CVE-2015-0235)

Hi,

A critical security vulnerability has been discovered in glibc code. Potentially, a remote exploit is possible. It affects all versions of glibc shipped with all versions and variants of Red Hat Enterprise Linux. Updated packages that fix the problem are available. All users are advised to update.

Please, see the following KB article for more detailed information (incl. links to respective errata). Red Hat has also prepared a lab for testing whether your system is vulnerable:

Responses

Robert,

Can you advise if SELinux provides any level of mitigation by constraining the access of the exploited service/user?

I appreciate this isn't a fix, but interested to know how far SELinux goes in limiting the impact of this exploit (is this tested in the lab?).

Hi Pixel,

I'll investigate about SELinux. The detection script DOES NOT test for that. That said, the script had some deficiencies, so it's now being rewritten. I'll update this discussion when it's ready for use again.

The detection script has been fixed, and the lab is available again: GHOST - gethostbyname Detector.

Please note that it only checks whether the glibc package has been updated (or is already new enough not to contain the bug). It does not check for actual exploitability.

Has the RHEL-6 patch been released for Satellite ? We can't see it only for RHEL-5.

My Satellite received the patch last night, and running the test script on its hypervisor (KVM) showed the server was patched.

I'm just curious that the new Ghost test script fails on my version 5, but not version six, yet the old test script after patching to glibc 2.5.123 (an upgrade from 2.5.117) says it's not vulnerable, so I'm confused... is the version 3 Ghost detection script for all versions?

Hi,

Yes, the new script (v. 3 and up) should work on all versions. Please, disregard the old script -- it was faulty and gave false negatives.

Thanks Robert, so based on that I have to update my kernel to go to 5_11? I'm running 5_10 kernel 391, and the RHSA 2015-090-1 lists glibc-2.5-123.el5_11.1.x86_64.rpm. I'm taking it that the el5_11.1 is for 5_11 kernel 398 and higher, is that correct? So there is no patch for 5_10, kernel 391? Sorry, I'm new at this.

Yes, you should update to RHEL 5.11 -- the latest 5 version. Fixed glibc packages are available for 5.11, 5.9.z (EUS), and 5.6 (long life).

What is the actual command to patch GHOST in Red Hat 6.4? I am wanting to stay in RHEL v6. Is "yum update glibc" correct?

Internal Support,

hmmm confusing name.

yum update glibc nscd

Kind regards,

Jan Gerrit

Hey Jan - do you know if you have to specify glibc-* (or does glibc by itself grab all the other files)?

Hey James,

My command is more than enough.

yum update nscd
would be sufficient for those of us using it.

I just installed nscd on a test machine and it automatically forced a glibc-* update

Kind regards,

Jan Gerrit

Thank you,

-Joseph

The script is not working for me, when was the last time it was updated? Running version 6.

Hi Debbie,

Could you please provide more information? What do you mean when you say it's 'not working'? Could you post the output of the script?

I downloaded script and it did not work, but I found other ways to detect library version. I was able to use the other script to detect vulnerability. Thanks

Hi Debbie,

I'm not sure to what other script you refer -- Red Hat only provides one detection script. If the script provided by Red Hat (linked from the first post in this discussion) does not work, we would appreciate it if you could provide us with more details, so that it can be fixed.
