Linux Glibc GHOST buffer overflow vulnerability: emergency patching procedure
- 2015-01-30 20:57:00
- admin (original)
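glibc is the libc library released by GNU, that is, the C runtime library. glibc is the lowest-level API on a Linux system, and almost every other runtime library depends on it. Besides wrapping the system services provided by the Linux operating system, glibc also implements many other necessary functions itself. glibc covers almost all of the common UNIX standards.
What is the vulnerability
Researchers at the code-audit company Qualys found a buffer overflow in the __nss_hostname_digits_dots() function of the glibc library. The bug can be triggered locally or remotely through the gethostbyname*() functions. Applications mainly use the gethostbyname*() functions to make DNS requests; these functions convert a host name into an IP address.
Impact
This vulnerability leads to remote code execution; an attacker can use it to gain complete control of the system.
Proof of the vulnerability
In our tests we wrote a POC: after sending a specially crafted e-mail to the server, we obtained a shell on the remote Linux server. This bypasses all current protections (such as ASLR, PIE and NX) on both 32-bit and 64-bit systems.
What can we do?
Patch the operating system promptly.
Why is it called GHOST?
Because it is triggered through the GetHOST functions.
Which versions and operating systems are affected?
The first affected version of the GNU C Library is glibc-2.2, released on November 10, 2000. We have identified several ways to mitigate the vulnerability. We found that it was fixed on May 21, 2013 (between the releases of glibc-2.17 and glibc-2.18). Unfortunately, it was not regarded as a security vulnerability, which left many stable and long-term-support releases exposed, including Debian 7 (wheezy), Red Hat Enterprise Linux 5 & 6 & 7, CentOS 5 & 6 & 7, Ubuntu 12.04, and others.
Fix
Upgrade the glibc library: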
RHEL/CentOS : sudo yum update glibc
Ubuntu : sudo apt-get update ; sudo apt-get install libc6
How to test for the vulnerability:
Download:
wget https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c
[[email protected] ~]# cd /usr/source/
[[email protected] source]# wget https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c
--2015-01-30 20:55:00-- https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c
正在解析主机 webshare.uchicago.edu... 128.135.22.61
正在连接 webshare.uchicago.edu|128.135.22.61|:443... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:1046 (1.0K) [text/x-csrc]
正在保存至: “GHOST.c”
100%[==============================================================================================================================>] 1,046 --.-K/s in 0s
2015-01-30 20:55:02 (82.6 MB/s) - 已保存 “GHOST.c” [1046/1046])
gcc -o GHOST GHOST.c
Run:
./GHOST
If the output is:
[[email protected] home]# ./GHOST
not vulnerable
the vulnerability has been fixed; if the output is only "vulnerable", the vulnerability is still present.
[[email protected] source]# yum update glibc
Loaded plugins: fastestmirror
Determining fastest mirrors
* base: ftp.sjtu.edu.cn
* extras: ftp.sjtu.edu.cn
* updates: ftp.sjtu.edu.cn
base | 3.7 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
updates/primary_db | 2.1 MB 00:00
Setting up Update Process
Resolving Dependencies
--> Running transaction check
---> Package glibc.i686 0:2.12-1.149.el6 will be updated
--> Processing Dependency: glibc = 2.12-1.149.el6 for package: glibc-headers-2.12-1.149.el6.x86_64
--> Processing Dependency: glibc = 2.12-1.149.el6 for package: glibc-devel-2.12-1.149.el6.x86_64
--> Processing Dependency: glibc = 2.12-1.149.el6 for package: glibc-common-2.12-1.149.el6.x86_64
---> Package glibc.x86_64 0:2.12-1.149.el6 will be updated
---> Package glibc.i686 0:2.12-1.149.el6_6.5 will be an update
---> Package glibc.x86_64 0:2.12-1.149.el6_6.5 will be an update
--> Running transaction check
---> Package glibc-common.x86_64 0:2.12-1.149.el6 will be updated
---> Package glibc-common.x86_64 0:2.12-1.149.el6_6.5 will be an update
---> Package glibc-devel.x86_64 0:2.12-1.149.el6 will be updated
---> Package glibc-devel.x86_64 0:2.12-1.149.el6_6.5 will be an update
---> Package glibc-headers.x86_64 0:2.12-1.149.el6 will be updated
---> Package glibc-headers.x86_64 0:2.12-1.149.el6_6.5 will be an update
--> Finished Dependency Resolution
Dependencies Resolved
========================================================================================================================================================================
Package Arch Version Repository Size
========================================================================================================================================================================
Updating:
glibc i686 2.12-1.149.el6_6.5 updates 4.3 M
glibc x86_64 2.12-1.149.el6_6.5 updates 3.8 M
Updating for dependencies:
glibc-common x86_64 2.12-1.149.el6_6.5 updates 14 M
glibc-devel x86_64 2.12-1.149.el6_6.5 updates 983 k
glibc-headers x86_64 2.12-1.149.el6_6.5 updates 612 k
Transaction Summary
========================================================================================================================================================================
Upgrade 5 Package(s)
Total download size: 24 M
Is this ok [y/N]: y
Downloading Packages:
(1/5): glibc-2.12-1.149.el6_6.5.i686.rpm | 4.3 MB 00:00
(2/5): glibc-2.12-1.149.el6_6.5.x86_64.rpm | 3.8 MB 00:00
(3/5): glibc-common-2.12-1.149.el6_6.5.x86_64.rpm | 14 MB 00:01
(4/5): glibc-devel-2.12-1.149.el6_6.5.x86_64.rpm | 983 kB 00:00
(5/5): glibc-headers-2.12-1.149.el6_6.5.x86_64.rpm | 612 kB 00:00
------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total 11 MB/s | 24 MB 00:02
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Updating : glibc-2.12-1.149.el6_6.5.x86_64 1/10
Updating : glibc-common-2.12-1.149.el6_6.5.x86_64 2/10
Updating : glibc-headers-2.12-1.149.el6_6.5.x86_64 3/10
Updating : glibc-devel-2.12-1.149.el6_6.5.x86_64 4/10
Updating : glibc-2.12-1.149.el6_6.5.i686 5/10
Cleanup : glibc-devel-2.12-1.149.el6.x86_64 6/10
Cleanup : glibc-2.12-1.149.el6 7/10
Cleanup : glibc-headers-2.12-1.149.el6.x86_64 8/10
Cleanup : glibc-2.12-1.149.el6 9/10
Cleanup : glibc-common-2.12-1.149.el6.x86_64 10/10
Verifying : glibc-common-2.12-1.149.el6_6.5.x86_64 1/10
Verifying : glibc-devel-2.12-1.149.el6_6.5.x86_64 2/10
Verifying : glibc-headers-2.12-1.149.el6_6.5.x86_64 3/10
Verifying : glibc-2.12-1.149.el6_6.5.i686 4/10
Verifying : glibc-2.12-1.149.el6_6.5.x86_64 5/10
Verifying : glibc-2.12-1.149.el6.x86_64 6/10
Verifying : glibc-devel-2.12-1.149.el6.x86_64 7/10
Verifying : glibc-common-2.12-1.149.el6.x86_64 8/10
Verifying : glibc-2.12-1.149.el6.i686 9/10
Verifying : glibc-headers-2.12-1.149.el6.x86_64 10/10
Updated:
glibc.i686 0:2.12-1.149.el6_6.5 glibc.x86_64 0:2.12-1.149.el6_6.5
Dependency Updated:
glibc-common.x86_64 0:2.12-1.149.el6_6.5 glibc-devel.x86_64 0:2.12-1.149.el6_6.5 glibc-headers.x86_64 0:2.12-1.149.el6_6.5
Complete!
[[email protected] source]# ./GHOST
not vulnerable
Patching complete.
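Updating the package only replaces the library on disk; a process started before the update keeps the old glibc mapped until it is restarted. The check below is an added example, not part of the original article: it lists such processes from /proc/<pid>/maps, and the sample tree, PIDs and process names in it are constructed.

```bash
#!/usr/bin/env bash
# Added example (not from the original article): list processes that still
# map the pre-update glibc. Once the package is replaced, the old library
# file is unlinked, and /proc/<pid>/maps marks its mappings "(deleted)".

# Succeeds if the maps file contains a deleted libc mapping. The pattern
# matches libc-<version>.so and libc.so.<n>, not libcrypto or libcap.
maps_has_stale_libc() {
    grep -Eq '/libc(-[0-9][^/ ]*\.so|\.so\.[0-9]+)[^/ ]* \(deleted\)$' "$1" 2>/dev/null
}

# Print "PID COMMAND" for each process under the proc root (default /proc)
# whose maps show a deleted libc. The root is a parameter so the function
# can be run against a constructed tree.
list_stale_libc_procs() {
    local root="${1:-/proc}" dir name
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        maps_has_stale_libc "$dir/maps" || continue
        name="$(cat "$dir/comm" 2>/dev/null || echo '?')"
        printf '%s %s\n' "${dir##*/}" "$name"
    done
}

# Build a constructed /proc-like tree: PID 1201 was started before the
# update, PID 1350 after it, PID 1402 only has an unrelated deleted library.
build_sample_proc() {
    local root
    root="$(mktemp -d)"
    mkdir "$root/1201" "$root/1350" "$root/1402"
    echo crond > "$root/1201/comm"
    echo sshd  > "$root/1350/comm"
    echo httpd > "$root/1402/comm"
    echo '7f3a1c000000-7f3a1c18a000 r-xp 00000000 fd:00 131105   /lib64/libc-2.12.so (deleted)' > "$root/1201/maps"
    echo '7f9b44000000-7f9b4418a000 r-xp 00000000 fd:00 131377   /lib64/libc-2.12.so' > "$root/1350/maps"
    echo '7f9b45000000-7f9b451c0000 r-xp 00000000 fd:00 131999   /usr/lib64/libcrypto.so.10 (deleted)' > "$root/1402/maps"
    echo "$root"
}

sample="$(build_sample_proc)"
list_stale_libc_procs "$sample"    # constructed tree; omit the argument on a real host
rm -rf "$sample"
```

On a real host, run list_stale_libc_procs with no argument as root and restart every process it lists, or reboot to cover them all.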