GHOST Vulnerability ( CVE-2015-0235 )
On 27 January 2015, a vulnerability in all versions of the GNU C library (glibc) was announced by Qualys. The issue was a buffer overflow during DNS hostname resolution. Disclosure of this issue was coordinated with the various operating system vendors and patches were made available by RedHat soon after the initial announcement went out.
Impact
According to Qualys, this vulnerability allows unauthenticated remote code execution in any daemons or services that perform hostname lookups using the vulnerable functions in the GNU C library. This library is at the core of most services and software that runs on Linux systems
Resolition
The updated RPMs provided by RedHat, CentOS and CloudLinux should contain a changelog entry with the CVE number. You can check for this changelog entry with the following command:
rpm -q --changelog glibc | grep CVE-2015-0235
If a changelog line is displayed, the server has the updated RPMs installed.
However, if you do not, run the following commands to fix the issue:
yum clean all ; yum update glibc
Verify the new glibc RPM was installed again:
rpm -q --changelog glibc | grep CVE-2015-0235
Please read more about this at the following URLs.
https://documentation.cpanel.net/display/CKB/CVE-2015-0235+GHOST
http://www.openwall.com/lists/oss-security/2015/01/27/9
https://rhn.redhat.com/errata/RHSA-2015-0090.html
https://rhn.redhat.com/errata/RHSA-2015-0092.html
http://cloudlinux.com/blog/clnews/glibc-ghost-remote-vulnerability-cve20150235.php
If you find your server still has this vulnerability, please feel free to contact our support team ASAP.
Thank you.
Donderdag, Januari 29, 2015