Programming board - Linux vulnerability "GHOST"
w**z
Posts: 8232
1
Highly critical “Ghost” allowing code execution affects most Linux systems
New bug haunting Linux could spark "a lot of collateral damage on the
Internet."
by Dan Goodin - Jan 27 2015, 11:32am PST
An extremely critical vulnerability affecting most Linux distributions gives
attackers the ability to execute malicious code on servers used to deliver
e-mail, host webpages, and carry out other vital functions.
The vulnerability in the GNU C Library (glibc) represents a major Internet
threat, in some ways comparable to the Heartbleed and Shellshock bugs that
came to light last year. The bug, which is being dubbed "Ghost" by some
researchers, has the common vulnerability and exposures designation of
CVE-2015-0235. While a patch was issued two years ago, most Linux versions used
in production systems remain unprotected at the moment. What's more,
patching systems requires core functions or the entire affected server to be
rebooted, a requirement that may cause some systems to remain vulnerable
for some time to come.
The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc
function that's invoked by the gethostbyname() and gethostbyname2() function
calls. A remote attacker able to call either of these functions could
exploit the flaw to execute arbitrary code with the permissions of the user
running the application. In a blog post published Tuesday, researchers from
security firm Qualys said they were able to write proof-of-concept exploit
code that carried out a full-fledged remote code execution attack against
the Exim mail server. The exploit bypassed all existing exploit protections
available on both 32-bit and 64-bit systems, including address space layout
randomization, position independent executions, and no execute protections.
Qualys has not yet published the exploit code but eventually plans to make
it available as a Metasploit module.
“A lot of collateral damage on the Internet”
The glibc is the most common code library used by Linux. It contains
standard functions that programs written in the C and C++ languages use to
carry out common tasks. The vulnerability also affects Linux programs
written in Python, Ruby, and most other languages because they also rely on
glibc. As a result, most Linux systems should be presumed vulnerable unless
they run an alternative to glibc or use a glibc version that contains the
update from two years ago. The specter of so many systems being susceptible
to an exploit with such severe consequences is prompting concern among many
security professionals.
Besides Exim, other Linux components or apps that are potentially vulnerable
to Ghost include MySQL servers, Secure Shell servers, form submission apps,
and other types of mail servers. Update: In a later post, Qualys
researchers enumerated apps they believed were not vulnerable. The list
included Apache, Cups, Dovecot, GnuPG, isc-dhcp, lighttpd, mariadb/mysql,
nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd,
rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers, vsftpd, and
xinetd.
"If [researchers] were able to remotely exploit a pretty modern version of
Exim with full exploit mitigations, that's pretty severe," said Jon
Oberheide, a Linux security expert and the CTO of two-factor authentication
service Duo Security. "There could be a lot of collateral damage on the
Internet if this exploit gets published publicly, which it looks like they
plan to do, and if other people start to write exploits for other targets."
The bug affects virtually all Linux-based software that performs domain name
resolution. As a result, it most likely can be exploited not only against
servers but also client applications. Word of the vulnerability appears to
have caught developers of the Ubuntu, Debian, and Red Hat distributions of
Linux off guard. At the time this post was being prepared they appeared to
be aware of the bug but had not yet distributed a ready-made fix. People who
administer Linux systems should closely monitor official channels for
information about how specific distributions are affected and whether a
patch is available. Admins should also prepare for the inevitable reboots
that will be required after installing the patch.
Update: Red Hat Enterprise Linux 5 has an update here, and readers are
reporting a fix is also available for Ubuntu 12.04.
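An added example of the restart problem the article describes (this script is not from the article, glibc or any distribution's tooling): after the glibc package is replaced, a process started earlier keeps the old library mapped, and therefore the old gethostbyname(), until it is restarted. The Linux kernel flags such mappings in /proc/<pid>/maps with a "(deleted)" suffix; this POSIX shell script lists the processes that still need a restart. It assumes the Linux /proc layout and a grep that supports -E; the maps excerpt in the self-check is constructed.

```shell
#!/bin/sh
# Added example, not part of the article or of glibc: after the glibc package is
# updated, every long-running process still maps the OLD libc until it restarts,
# so it remains exposed through gethostbyname(). Linux marks such a mapping
# in /proc/<pid>/maps with a "(deleted)" suffix; this script finds those processes.

# Return 0 if the maps file given as $1 shows a libc mapping whose backing file
# has been replaced on disk ("... libc-2.19.so (deleted)" or "libc.so.6 (deleted)").
# libcrypto, libcurl etc. do not match because "libc" must be followed by
# "-<version>.so" or ".so".
maps_has_stale_libc() {
    grep -q -E '/libc(-[0-9.]+)?\.so[^ ]* \(deleted\)$' "$1"
}

# Print "<pid> <command>" for every live process that still maps a deleted libc.
# Reading another user's maps file needs root; unreadable ones are skipped.
list_stale_libc_processes() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        if maps_has_stale_libc "$maps" 2>/dev/null; then
            comm=$(cat "/proc/$pid/comm" 2>/dev/null || echo '?')
            echo "$pid $comm"
        fi
    done
}

# Self-check on a constructed maps excerpt (addresses and inodes are made up):
# a process that was started before the glibc update.
demo_constructed_maps() {
    tmp=$(mktemp)
    cat > "$tmp" <<'EOF'
7f3a1c000000-7f3a1c1bb000 r-xp 00000000 fd:01 393276 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
7f3a1c3c0000-7f3a1c3e2000 r-xp 00000000 fd:01 393280 /lib/x86_64-linux-gnu/ld-2.19.so
7f3a1c600000-7f3a1c7f0000 r-xp 00000000 fd:01 393300 /usr/lib/x86_64-linux-gnu/libcrypto.so.1.0.0 (deleted)
EOF
    if maps_has_stale_libc "$tmp"; then rc=0; else rc=1; fi
    rm -f "$tmp"
    return $rc
}

demo_constructed_maps && echo "constructed sample: stale libc detected, restart needed"
echo "live processes still mapping a replaced libc (empty if none or not root):"
list_stale_libc_processes
```

A process listed here is only fixed by restarting it (or the whole host), which is the reboot requirement the article warns about.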