
News: GHOST Vulnerability

Published: 01/27/2015

A vulnerability has recently been disclosed in the GNU C Library (glibc) which affects all systems running CentOS 5 through 7 and Debian 7 "Wheezy." This vulnerability is serious and may allow a remote user to trick your server into running code with the privilege level of a service such as your web or mail server.


This vulnerability exists in all common versions of glibc through 2.17. It was fixed in version 2.18 in mid-2013 but was not regarded as a security issue and so no security release was made for previous versions at the time.


This issue is known as the "GHOST" vulnerability. It has been assigned the ID CVE-2015-0235 in the Common Vulnerabilities and Exposures database. Qualys, the company that discovered the vulnerability, has published a useful article explaining what GHOST is.


CentOS and Debian have patched this vulnerability as of January 27th, 2015. To completely patch this vulnerability, you must update your glibc package and then restart all services that use glibc. Because glibc is used by nearly every application on Linux, it is strongly recommended that you reboot your server after installing the update to ensure nothing is missed.


CENTOS


To check which version of glibc is installed, run the following command:


rpm -q glibc


The version number should be greater than or equal to the following, based on the version of CentOS you are using:



  • CentOS 5: 2.5-123.el5_11.1

  • CentOS 6: 2.12-1.149.el6_6.5

  • CentOS 7: 2.17-55.el7_0.5


When reading a version number from left to right, if you reach a number that is higher than the above version for your OS, you likely already have a patched version. For example, 2.5-124 is newer than 2.5-123.el5_11.1. If you have any doubt, please contact support and we will be happy to review your system. If your version number is lower, please run the following command and ensure an update to the glibc package is included:


yum -y update glibc


If no update is available, please try the following command, then repeat the command above:


yum clean metadata


After the upgrade completes, you should restart your web server and all other services running on your system. For example, to restart your web server, you can run the following command:


service httpd restart


If you have a control panel, you should step through each service listed in the "Services" area of the control panel and restart them one by one. If you have any doubts about which services to restart, we recommend restarting your entire server. You can do this by running the command:


reboot


Red Hat published the following advisories regarding this vulnerability:



DEBIAN 7


To check which version of glibc is installed, run the following command:


dpkg -s libc6 | grep Version


The version number should be greater than or equal to 2.13-38+deb7u7.


The notable part to look for is the "+deb7u7" at the end. If the last number is not 7 or higher, or the part after "+" is missing, you will need to upgrade. If your version number is lower, please run the following commands and ensure an update to the libc6 package is included:


apt-get update
apt-get install -y libc6


After the upgrade completes, you should restart your web server and all other services running on your system. For example, to restart your web server, you can run the following command:


service apache2 restart


If you have a control panel, you should step through each service listed in the "Services" area of the control panel and restart them one by one. If you have any doubts about which services to restart, we recommend restarting your entire server. You can do this by running the command:


reboot
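As an added example (not part of this notice and not SitesTen tooling), the following POSIX shell script performs the version check described above for both CentOS and Debian 7, comparing the installed glibc build against the patched builds listed in this notice. It assumes GNU coreutils (sort -V) for version ordering, which matches the left-to-right rule of thumb given above; all function names are the example's own.

```shell
#!/bin/sh
# GHOST (CVE-2015-0235) glibc version check for CentOS 5-7 and Debian 7.
# Assumption: GNU coreutils "sort -V" is available (true on CentOS and Debian).

# Minimum patched glibc build per distribution, as listed in the notice.
ghost_fixed_version() {
  case "$1" in
    centos5) echo "2.5-123.el5_11.1" ;;
    centos6) echo "2.12-1.149.el6_6.5" ;;
    centos7) echo "2.17-55.el7_0.5" ;;
    debian7) echo "2.13-38+deb7u7" ;;
    *) echo "unknown distribution: $1" >&2; return 2 ;;
  esac
}

# version_ge HAVE NEED: succeed if HAVE sorts at or after NEED under sort -V.
# This reproduces the "read left to right, first higher number wins" rule,
# e.g. 2.5-124 is newer than 2.5-123.el5_11.1 and 2.13-38 is older than 2.13-38+deb7u7.
version_ge() {
  [ "$1" = "$2" ] && return 0
  [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# ghost_check DISTRO INSTALLED_VERSION: 0 = patched, 1 = vulnerable, 2 = unknown distro.
ghost_check() {
  need=$(ghost_fixed_version "$1") || return 2
  if version_ge "$2" "$need"; then
    echo "$1: glibc $2 >= $need: patched (restart services or reboot if not done yet)"
  else
    echo "$1: glibc $2 < $need: VULNERABLE, update glibc/libc6 and reboot"
    return 1
  fi
}

# installed_glibc_version: read the installed build the same way the notice does,
# in the VERSION-RELEASE form that the thresholds above use.
installed_glibc_version() {
  if command -v rpm >/dev/null 2>&1; then
    rpm -q --queryformat '%{VERSION}-%{RELEASE}\n' glibc
  elif command -v dpkg-query >/dev/null 2>&1; then
    dpkg-query -W -f '${Version}\n' libc6
  fi
}

# Example run on a live host (distro name is the operator's input):
#   ghost_check centos6 "$(installed_glibc_version)"
```

On a live host the distribution name is the only thing you need to supply; the installed build is read from rpm or dpkg-query as shown in the last comment.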


Debian published the following advisories regarding this vulnerability:


SitesTen® is a registered trade mark of SitesTen LLC. All rights reserved.