
Server: Red Hat Enterprise Linux Server release 5.9 (Tikanga)

I came to know that Linux GNU C Library (glibc) versions prior to 2.18 are vulnerable to remote code execution via a vulnerability in the gethostbyname function. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.

Linux distributions employing glibc-2.18 and later are not affected. This vulnerability is similar to ShellShock and Heartbleed that we saw recently.

I see, the patch is available here: https://access.redhat.com/security/cve/CVE-2015-0235 (RedHat) or http://www.ubuntu.com/usn/usn-2485-1/ (Ubuntu).

I'm planning to patch our Linux systems (it would require reboot) and wanted to check on few items:

  1. Has anybody tried to patch their systems to solve this vulnerability and what's the impact of the patch across Linux platforms/applications running?

  2. I don't think I will be fine if I just upgrade glibc binaries via yum upgrade.

  3. Where can I find a step by step guide to fix this issue?

One can see more info about this here: https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability

  • There reasonably shouldn't be an adverse effect on running applications, but be mindful that just about everything (including init) links against libc, so you'll need to not only patch, but also reboot. Now, do note that you should probably post this question on ServerFault, not StackOverflow. – Thomas Orozco Jan 29 '15 at 18:07
  • @ThomasOrozco, I agree, I'm looking more into this and trying to see if I can patch and possible test fewer apps than impacting every app / platform. Still not able to find a patch upgrade step by step guide to fix this. – AKS Jan 29 '15 at 18:09
  • There's no question. – n. m. could be an AI Jan 29 '15 at 18:09
  • I'm looking for a step by step guide and anything that might help me in doing a smooth patch process. – AKS Jan 29 '15 at 18:12

2 Answers


1) The patched version of glibc is for sure already running in thousands of machines. There shouldn't be other noticeable impacts than getting the vulnerability solved.

2) Yes, it is enough if you update glibc via yum and reboot afterwards

3) You won't need a step by step guide, as updating is really straightforward. Just update glibc via a package manager such as yum and reboot.

In theory, it is also possible not to reboot by only restarting all the applications that are linked to glibc. But in practice, it is such a commonly used library that it is a lot easier to just reboot the whole machine.

  • Thanks Mike. For yum upgrade, I'll use glibc* like Shane said here: http://serverfault.com/questions/663499/linux-glibc-versions-2-18-and-older-vulnerability – AKS Jan 29 '15 at 19:22

As Shane mentioned: https://serverfault.com/questions/663499/linux-glibc-versions-2-18-and-older-vulnerability

Has anybody tried to patch their systems to solve this vulnerability and what's the impact of the patch across Linux platforms/applications running?

Running applications will stay using the old version until they're restarted - just installing the patch should not have any impact. This is why it's probably best to just flat-out-reboot.

I don't think I will be fine if I just upgrade glibc binaries via yum upgrade.

Right - doing just the upgrade will leave your running applications on vulnerable code.

Where can I find a step by step guide to fix this issue?

Right here, why not:

  • yum update "glibc*"
  • reboot
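Both answers make the same point: after `yum update "glibc*"` the file on disk is replaced, but every process started before the update keeps the old copy mapped until it is restarted. The kernel exposes that state directly, because a mapping whose backing file has been replaced shows up in /proc/<pid>/maps with a "(deleted)" suffix. The script below is an added example (not from either answer or from Red Hat) that checks for exactly that; the regex, the function names and the sample maps lines are my own construction.

```bash
#!/bin/sh
# Added example: find processes still running the pre-update glibc.
# After the package is replaced, the old libc file is unlinked but stays
# mapped into running processes; /proc/<pid>/maps marks it "(deleted)".

# Print the libc mappings in one maps file that point at a deleted file.
# Takes a path so it can also be run over a saved or constructed maps file.
stale_libc_maps() {
    grep -E '/libc(-[0-9.]+)?\.so[0-9.]* .*\(deleted\)' "$1"
}

# Exit status 0 if the maps file shows a stale libc, 1 otherwise.
has_stale_libc() {
    stale_libc_maps "$1" >/dev/null 2>&1
}

# Walk every process on the host and print PID and command line of those
# that still need a restart (or, as the answers recommend, a reboot).
scan_running_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        if has_stale_libc "$maps"; then
            cmd=$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null | cut -c1-60)
            printf '%s\t%s\n' "$pid" "$cmd"
        fi
    done
}

# Constructed sample maps content (imitating a RHEL 5 process that loaded
# libc before the package was replaced), used for an offline self-check.
SAMPLE_STALE='00110000-00250000 r-xp 00000000 fd:00 1234 /lib/libc-2.5.so (deleted)
00250000-00252000 r--p 00140000 fd:00 1234 /lib/libc-2.5.so (deleted)
00260000-00261000 r-xp 00000000 fd:00 9999 /lib/libpthread-2.5.so (deleted)'
SAMPLE_FRESH='00110000-00250000 r-xp 00000000 fd:00 5678 /lib/libc-2.5.so
00250000-00252000 r--p 00140000 fd:00 5678 /lib/libc-2.5.so'

# Only scan the live system when asked to; needs root to read other
# users' maps files.
case "${1:-}" in
    --scan) scan_running_processes ;;
esac
```

Run it as root with `--scan` right after the update: an empty result means every process already uses the new library, anything listed is still on the vulnerable code.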