Linux "GHOST" Vulnerability Hits Glibc Systems


  • Linux "GHOST" Vulnerability Hits Glibc Systems

    Phoronix: Linux "GHOST" Vulnerability Hits Glibc Systems

    The latest high-profile security vulnerability affecting Linux systems is within Glibc, the GNU C Library...


  • #2
    How exactly does this work? Does anyone have any more information on this?


    • #3
      You have more info linked in the article


      • #4
        Heartbleed looks insignificant now.


        • #5
          It's a good thing they don't keep these vulnerabilities a secret and don't just patch them silently. Now I'm off to attacking computers the whole night...


          • #6
            From the actual disclosure


            --[ 3 - Mitigating factors ]--------------------------------------------------

            The impact of this bug is reduced significantly by the following

            - A patch already exists (since May 21, 2013), and has been applied and
            tested since glibc-2.18, released on August 12, 2013:

            [BZ #15014]
            * nss/getXXbyYY_r.c (INTERNAL (REENTRANT_NAME))
            [HANDLE_DIGITS_DOTS]: Set any_service when digits-dots parsing was
            * nss/digits_dots.c (__nss_hostname_digits_dots): Remove
            redundant variable declarations and reallocation of buffer when
            parsing as IPv6 address. Always set NSS status when called from
            reentrant functions. Use NETDB_INTERNAL instead of TRY_AGAIN when
            buffer too small. Correct computation of needed size.
            * nss/Makefile (tests): Add test-digits-dots.
            * nss/test-digits-dots.c: New test.

            - The gethostbyname*() functions are obsolete; with the advent of IPv6,
            recent applications use getaddrinfo() instead.

            - Many programs, especially SUID binaries reachable locally, use
            gethostbyname() if, and only if, a preliminary call to inet_aton()
            fails. However, a subsequent call must also succeed (the "inet-aton"
            requirement) in order to reach the overflow: this is impossible, and
            such programs are therefore safe.

            - Most of the other programs, especially servers reachable remotely, use
            gethostbyname() to perform forward-confirmed reverse DNS (FCrDNS, also
            known as full-circle reverse DNS) checks. These programs are generally
            safe, because the hostname passed to gethostbyname() has normally been
            pre-validated by DNS software:

            . "a string of labels each containing up to 63 8-bit octets, separated
            by dots, and with a maximum total of 255 octets." This makes it
            impossible to satisfy the "1-KB" requirement.

            . Actually, glibc's DNS resolver can produce hostnames of up to
            (almost) 1025 characters (in case of bit-string labels, and special
            or non-printable characters). But this introduces backslashes ('\\')
            and makes it impossible to satisfy the "digits-and-dots"
            and makes it impossible to satisfy the "digits-and-dots"

            Emphasis mine. If you are running a recent glibc you're protected, as this was tagged as a normal bug and fixed. If you're on an LTS or other "Enterprise" distro you need to check your glibc version.
            All opinions are my own, not those of my employer, if you know who they are.
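The "check your glibc version" advice above is only as good as your distro's backporting, so the more reliable check is to exercise the bug itself. The following is an added example, not code from the thread or from the Qualys advisory quoted above, though it follows the same canary approach as the advisory's public test program: it builds the shortest all-digit hostname that satisfies the "1-KB", "digits-and-dots" and "inet-aton" requirements described in the mitigating-factors section, hands it to gethostbyname_r() with a 1024-byte buffer that is immediately followed by a canary, and reports whether the library wrote past the buffer (unpatched) or refused with ERANGE (patched size computation). The canary string, the enum names and the function names are this example's own choices; the 16-byte address and two-pointer sizing reflects the layout the overflow depends on (an in6_addr plus the h_addr_ptrs array), and a non-glibc libc may legitimately return something other than ERANGE, which the code reports as inconclusive rather than as vulnerable.

```c
/* Added example: canary check for the __nss_hostname_digits_dots() overflow
 * ("GHOST"). Not code from the forum thread or from the Qualys advisory. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE 1          /* gethostbyname_r() is a GNU/BSD extension */
#endif
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define GHOST_CANARY "in_the_coal_mine"  /* assumed value; any fixed string works */

enum ghost_result {
    GHOST_INCONCLUSIVE   = -1, /* neither ERANGE nor overflow (e.g. non-glibc libc) */
    GHOST_NOT_VULNERABLE =  0, /* library refused the buffer with ERANGE */
    GHOST_VULNERABLE     =  1  /* canary overwritten: the buffer was overflowed */
};

/* Result buffer for gethostbyname_r(), with a canary placed right after it so
 * that even the few-byte overflow of the unpatched code is detectable. */
static struct {
    char buffer[1024];
    char canary[sizeof(GHOST_CANARY)];
} temp;

/* Shortest all-digit name for which the unpatched size computation
 * (16-byte address + two char pointers + strlen(name) + NUL) exactly fills
 * sizeof(temp.buffer), so the check passes and the later writes overflow. */
static size_t ghost_name_len(void)
{
    return sizeof(temp.buffer) - 16 * sizeof(unsigned char) - 2 * sizeof(char *) - 1;
}

enum ghost_result ghost_check(void)
{
    struct hostent resbuf, *result = NULL;
    int herrno = 0, retval;
    char name[sizeof(temp.buffer)];
    size_t len = ghost_name_len();

    memset(&temp, 0, sizeof(temp));
    memcpy(temp.canary, GHOST_CANARY, sizeof(GHOST_CANARY));

    /* Digits only: this takes the numeric ("digits-and-dots") path, and a run
     * of zeros also satisfies the "inet-aton" requirement (it parses as 0.0.0.0). */
    memset(name, '0', len);
    name[len] = '\0';

    retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer),
                             &result, &herrno);

    if (memcmp(temp.canary, GHOST_CANARY, sizeof(GHOST_CANARY)) != 0)
        return GHOST_VULNERABLE;       /* bytes landed past the end of the buffer */
    if (retval == ERANGE)
        return GHOST_NOT_VULNERABLE;   /* fixed size computation rejected the buffer */
    return GHOST_INCONCLUSIVE;
}

int main(void)
{
    switch (ghost_check()) {
    case GHOST_VULNERABLE:
        puts("vulnerable: canary overwritten by gethostbyname_r()");
        break;
    case GHOST_NOT_VULNERABLE:
        puts("not vulnerable: gethostbyname_r() returned ERANGE");
        break;
    default:
        puts("inconclusive: neither ERANGE nor an overflow was observed");
        break;
    }
    return 0;
}
```

Build with `gcc -o ghost_check ghost_check.c` and run it on each host you care about; the result reflects the glibc actually linked at run time, so it catches backported fixes that a version string would miss, and it catches a static binary that still carries its own old copy of the resolver.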


            • #7
              Yup, there should be a patched version available before the vulnerability is disclosed.
              Such as "there is a horrific security vuln in glibc < 2.18, upgrade now!" without specifying more details.
              After several days, once distros have pushed a big upgrade to glibc 2.18 in the security channel (ignoring any potential upgrade issues), more details would be published.


              • #8
                Originally posted by dungeon View Post
                You have more info linked in the article

                Thanks! I might be subconsciously blocking out every Phoronix link, as they usually link to other Phoronix articles. (Yes, I'm joking.)

                I'm not surprised that it is indeed a buffer overflow.


                • #9
                  This was probably patched with commit d5dd6189d506068ed11c8bfa1e1e9bffde04decd:

                  Fix parsing of numeric hosts in gethostbyname_r
                  author Andreas Schwab <[email protected]>
                  Mon, 21 Jan 2013 16:41:28 +0000 (17:41 +0100)
                  committer Andreas Schwab <[email protected]>
                  Tue, 21 May 2013 10:26:33 +0000 (12:26 +0200)


                  • #10
                    Originally posted by AnonymousCoward View Post
                    Thanks! I might be subconsciously blocking out every Phoronix link, as they usually link to other Phoronix articles. (Yes, I'm joking.)

                    I'm not surprised that it is indeed a buffer overflow.
                    It is a real threat of course, but I am running glibc 2.19 on Debian Sid so I am not affected... only wheezy has been affected, but the fix is already pushed.

                    Anyway, maybe you will like the video better... vlnrbilty

                    The GHOST vulnerability is a serious weakness in the Linux glibc library. It allows attackers to remotely take complete control of the victim system without having any prior knowledge of system…