How do I update my VPS to address the 'Ghost' vulnerability?


On the 27th January 2015 information on a serious vulnerability was released. This vulnerability has been named GHOST (CVE-2015-0235) and impacts Linux-based operating systems that use the GNU C Library (glibc). This guide will assist you in ensuring that your server is not vulnerable.

Note: If you find that you are vulnerable, you will need to restart your server after patching.

Check if you are vulnerable.

      1. Log into your server via SSH.
      2. Paste the following into a text file:

        #include <netdb.h>
        #include <stdio.h>
        #include <stdlib.h>
        #include <string.h>
        #include <errno.h>

        #define CANARY "in_the_coal_mine"

        /* The canary sits directly after the buffer handed to gethostbyname_r();
           a vulnerable glibc overruns the buffer and overwrites it. */
        struct {
          char buffer[1024];
          char canary[sizeof(CANARY)];
        } temp = { "buffer", CANARY };

        int main(void) {
          struct hostent resbuf;
          struct hostent *result;
          int herrno;
          int retval;

          /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/
          /* Longest name for which the flawed size check in glibc still passes:
             buffer size minus the 16-byte address storage, two pointers and the terminator. */
          size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
          char name[sizeof(temp.buffer)];
          memset(name, '0', len);   /* an all-digit name takes the affected code path */
          name[len] = '\0';

          retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);

          if (strcmp(temp.canary, CANARY) != 0) {
            puts("vulnerable");
            exit(EXIT_SUCCESS);
          }
          if (retval == ERANGE) {
            /* a fixed glibc rejects the request as too large for the buffer */
            puts("not vulnerable");
            exit(EXIT_SUCCESS);
          }
          puts("should not happen");
          exit(EXIT_FAILURE);
        }
        /* from http://www.openwall.com/lists/oss-security/2015/01/27/9 */

      3. Save the file as ghost_check.c
      4. Run the following command:

        gcc ghost_check.c -o ghost; ./ghost

      5. If you see the output 'vulnerable', you are vulnerable and need to patch your system.


Another way:

On RPM-based systems (CentOS, Red Hat, CloudLinux), execute the command:

rpm -q --changelog glibc | grep CVE-2015-0235

If the output is blank, the installed glibc does not carry the fix: it is vulnerable and you need to patch it.

Otherwise it is not vulnerable and there is no need to patch it.

Patch CentOS/cPanel/CloudLinux/Red Hat based systems (Release 5.x, 6.x, 7.x)

yum clean all

yum update -y glibc glibc-common glibc-devel glibc-devel.i686 glibc-headers glibc-static glibc-static.i686 glibc-utils glibc.i686 nscd

reboot

Run the check again after the reboot.

Patch Debian/Ubuntu based systems (Debian 6, 7 and Ubuntu 10.04, 12.04)

apt-get update

apt-get install --only-upgrade libc-bin libc-dev-bin libc6-dev libc6

reboot

Run the check again after the reboot.
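As an added example (not the article's own or Crucial's code), the checks above combined into one POSIX shell script: it classifies the glibc changelog the way the rpm command does, normalises what the compiled checker prints, and, because the update only takes effect for a process once it is restarted, picks out processes that still map a deleted libc from lsof output. It assumes the Debian changelog lives at /usr/share/doc/libc6/changelog.Debian.gz and uses constructed sample data when GHOST_LIVE is not set.

```shell
#!/bin/sh
# Added example, not part of the original article. Functions that parse text
# read it from stdin so they can run offline; the live package-manager and
# lsof commands only run when GHOST_LIVE=1. The Debian changelog path is an
# assumption and the SAMPLE_* inputs are constructed.
set -u

# "patched" if the glibc changelog mentions the GHOST CVE id, else "unpatched".
ghost_changelog_status() {
    if grep -q 'CVE-2015-0235'; then echo patched; else echo unpatched; fi
}

# Normalise what ./ghost (the C checker above) prints.
ghost_checker_status() {
    case "$1" in
        vulnerable)       echo unpatched ;;
        "not vulnerable") echo patched ;;
        *)                echo unknown ;;
    esac
}

# From lsof output, list processes still mapping a deleted libc build
# (FD column "DEL"). The fix is on disk but they run the old code until
# restarted, which is why the article requires a reboot.
stale_glibc_processes() {
    awk '$4 == "DEL" && $NF ~ /\/libc[-.]/ { print $1 ":" $2 }' | sort -u
}

# Constructed sample inputs for the offline demonstration.
SAMPLE_CHANGELOG_FIXED='* Tue Jan 27 2015 Example Packager <nobody@example.invalid>
- Fix gethostbyname_r buffer overflow (CVE-2015-0235)'
SAMPLE_CHANGELOG_OLD='* Fri Nov 21 2014 Example Packager <nobody@example.invalid>
- Unrelated bug fix'
SAMPLE_LSOF='COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 1124 root DEL REG 8,1 131083 /lib64/libc-2.12.so
bash 2201 root mem REG 8,1 131090 /lib64/libc-2.12.so'

if [ "${GHOST_LIVE:-0}" = 1 ]; then
    if command -v rpm >/dev/null 2>&1; then
        rpm -q --changelog glibc | ghost_changelog_status
    elif [ -r /usr/share/doc/libc6/changelog.Debian.gz ]; then  # assumed path
        zcat /usr/share/doc/libc6/changelog.Debian.gz | ghost_changelog_status
    fi
    lsof -n 2>/dev/null | stale_glibc_processes
else
    printf '%s\n' "$SAMPLE_CHANGELOG_FIXED" | ghost_changelog_status  # patched
    printf '%s\n' "$SAMPLE_CHANGELOG_OLD" | ghost_changelog_status    # unpatched
    printf '%s\n' "$SAMPLE_LSOF" | stale_glibc_processes              # sshd:1124
fi
```

Run it with GHOST_LIVE=1 on the server to use the real package manager and lsof output. Any process the last function lists still needs restarting even if a freshly compiled ./ghost now reports not vulnerable, since the new binary links against the updated library while the old process does not.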
