
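GHOST Vulnerability

Heads up: a Linux vulnerability named GHOST (CVE-2015-0235), discovered by Qualys, was recently made public. This particular vulnerability is a nasty one, since it allows remote code execution.

The vulnerability is documented in detail in this security advisory, which you may find interesting. In short, the vulnerability lies in glibc's __nss_hostname_digits_dots(), which is involved in hostname resolution and is reached through gethostbyname() calls.

Am I vulnerable?

Yes, very likely. To address this, make sure you have updated and rebooted your systems.

Debian and Ubuntu have updated packages for their supported releases. Run apt-get update && apt-get dist-upgrade to update your system, then reboot to ensure that no references to the old library remain.

For other popular distributions, follow their equivalent steps to upgrade packages. For more information, you can follow our GHOST guide.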
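
To check whether references to the old library remain after the upgrade, the following added example (not part of the original post or the linked guide) lists processes that still map a libc file that has since been replaced on disk; the kernel marks such mappings "(deleted)" in /proc/PID/maps. The function names and the optional proc-root argument are assumptions made for this illustration, and it assumes the package manager replaced the library file rather than rewriting it in place.

```shell
#!/bin/sh
# Added example: find processes still running on a libc that was replaced on disk.

# maps_has_stale_libc FILE
# Succeeds if FILE (in /proc/PID/maps format) contains a mapping whose path is
# a libc shared object (libc-2.19.so, libc.so.6, ...) marked "(deleted)".
maps_has_stale_libc() {
    awk '$7 == "(deleted)" && $6 ~ /\/(libc-[0-9.]+\.so|libc\.so\.[0-9]+)$/ { found = 1 }
         END { exit !found }' "$1" 2>/dev/null
}

# stale_libc_pids [PROC_ROOT]
# Prints "PID<TAB>command line" for every process under PROC_ROOT (default
# /proc) whose maps still reference a deleted libc.
stale_libc_pids() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/maps" ] || continue
        maps_has_stale_libc "$dir/maps" || continue
        # cmdline is NUL-separated and holds the full, untruncated command line
        cmd=$(tr '\000' ' ' 2>/dev/null < "$dir/cmdline") || cmd=
        cmd=${cmd% }
        printf '%s\t%s\n' "${dir##*/}" "${cmd:-?}"
    done
}

# Scan the live system only when invoked as "script.sh --scan".
# Reading other users' maps files requires root.
if [ "${1:-}" = "--scan" ]; then
    stale_libc_pids
fi
```

An empty result after the upgrade means no running process still maps the old libc; any process listed needs a restart (or the host a reboot) before it picks up the patched library.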

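Is Linode's infrastructure vulnerable?

Our security team has been working hard to protect our infrastructure from this vulnerability, and we have taken appropriate measures to address the issue on all of our systems.

Comments (9)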

  1.

    My server is running Ubuntu 12.04.1. Do I need to upgrade in order for this to be fixed, or will it be in the repos?

  2.

    You shouldn’t need to upgrade to a new version of Ubuntu, simply updating through your package manager, then rebooting, will suffice for addressing this issue.

  3.

    I run musl-libc so wasn’t vulnerable. You glibc plebs… poor sods.

  4.

    My Linode is running on CentOS 6.4. I have updated the glibc package with the yum manager, but the version showing is still 2.12 after the update. I ran a script to check whether the server is affected by GHOST. The system is showing as vulnerable. How do I fix it? Let me know.

  5.

    A practical thing (hope it could be helpful for anyone). You don’t need to reboot the whole server after updating. If you are not able to reboot — use this cmd, which relaunches only the several applications that actually use the vulnerable glibc:

    for s in $(lsof | grep libc | awk '{print $1}' | sort | uniq); do if [[ -f "/etc/init.d/$s" && "$(ps aufx | grep -v grep | grep $s)" ]]; then echo $s; service $s restart; fi; done

    From: http://blog.wallarm.com/post/109402223343/ghost-a-brief-recap-of-what-you-need-to-know

  6.

    @Jonathan Leal – You don’t need to restart your server, execute "lsof | grep libc | awk '{print $1}' | sort | uniq" and it’s enough.

  7.

    Thanks for the quick response and posting about this, Linode. 🙂

  8.
  9.

    The above lsof commands have a problem!!! They only return the first 9 characters of the command name.

    $ lsof | grep libc | grep redis
    redis-ser 3303….

    vs:

    lsof +c 0 | grep libc | grep redis
    redis-server 3303

    You may well miss services that need to be restarted without "+c 0".
