0

Server: Red Hat Enterprise Linux Server release 5.9 (Tikanga)

I came to know that Linux GNU C Library (glibc) versions prior to 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Linux distributions employing glibc-2.18 and later are not affected. This vulnerability is similar to similar to ShellShock and Heartbleed that we saw recently.

I see, the patch is available here: https://access.redhat.com/security/cve/CVE-2015-0235 (RedHat) or http://www.ubuntu.com/usn/usn-2485-1/ (Ubuntu).

I'm planning to patch our Linux systems (it would require reboot) and wanted to check on few questions:

  1. Has anybody tried to patch their systems to solve this vulnerablity and what's the impact of the patch across Linux platforms/applications running?

  2. I don't think I will be fine if I just upgrade glibc binaries via yum upgrade.

  3. Where can I find a step by step guide to fix this issue.

One can see more info about this here: https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

Shane Madden
  • 114,520
  • 13
  • 181
  • 251
AKS
  • 115
  • 1
  • 8

1 Answers1

4

Has anybody tried to patch their systems to solve this vulnerability and what's the impact of the patch across Linux platforms/applications running?

Running applications will stay using the old version until they're restarted - just installing the patch should not have any impact. This is why it's probably best to just flat-out-reboot.

I don't think I will be fine if I just upgrade glibc binaries via yum upgrade.

Right - doing just the upgrade will leave your running applications on vulnerable code.

Where can I find a step by step guide to fix this issue.

Right here, why not:

  • yum update "glibc*"
  • reboot
Shane Madden
  • 114,520
  • 13
  • 181
  • 251