GHOST Vulnerability ( CVE-2015-0235 )

On 27 January 2015, a vulnerability in all versions of the GNU C library (glibc) was announced by Qualys. The issue was a buffer overflow during DNS hostname resolution. Disclosure of this issue was coordinated with the various operating system vendors and patches were made available by RedHat soon after the initial announcement went out.

Impact

According to Qualys, this vulnerability allows unauthenticated remote code execution in any daemons or services that perform hostname lookups using the vulnerable functions in the GNU C library. This library is at the core of most services and software that runs on Linux systems

Resolition

The updated RPMs provided by RedHat, CentOS and CloudLinux should contain a changelog entry with the CVE number. You can check for this changelog entry with the following command:


rpm -q --changelog glibc | grep CVE-2015-0235


If a changelog line is displayed, the server has the updated RPMs installed.

However, if you do not, run the following commands to fix the issue:

yum clean all ; yum update glibc

Verify the new glibc RPM was installed again:

rpm -q --changelog glibc | grep CVE-2015-0235


Please read more about this at the following URLs.

https://documentation.cpanel.net/display/CKB/CVE-2015-0235+GHOST

http://www.openwall.com/lists/oss-security/2015/01/27/9
https://rhn.redhat.com/errata/RHSA-2015-0090.html
https://rhn.redhat.com/errata/RHSA-2015-0092.html
http://cloudlinux.com/blog/clnews/glibc-ghost-remote-vulnerability-cve20150235.php


If you find your server still has this vulnerability, please feel free to contact our support team ASAP.

Thank you.



Thursday, January 29, 2015







« Back