Friday, January 30, 2015

GHost Vulnerability and its mitigation using RunDeck

At 8KMiles we always strive to simplify complex processes and procedures. In that spirit, we have come up with a simple solution to fix the GHost vulnerability, which has affected millions of Linux systems across the globe. Applying a patch to a single server is a cakewalk; patching hundreds or thousands of servers is a different matter.





Synopsis

Item                       | Description
Vulnerability              | GHost
CVE ID                     | CVE-2015-0235
Operating Systems Affected | Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04
Documented Operating System| RHEL (v5)
Vulnerable Software        | glibc-2.2, released on November 10, 2000 and nscd
Fixed Software Version     | glibc-2.5 and latest nscd

Summary

A GNU C Library (glibc) vulnerability (CVE-2015-0235), referred to as the GHOST vulnerability, was announced to the general public. In summary, the vulnerability allows remote attackers to take complete control of a system by exploiting a buffer overflow bug in glibc’s GetHOST functions (hence the name).

Procedure (Single Server)


The following procedure was performed on RHEL/CentOS (v5) operating systems.

Step 1:


Check the installed glibc version:
# rpm -q glibc
If the version of glibc matches, or is more recent than, the ones listed here, you are safe from the GHOST vulnerability:
CentOS 6: glibc-2.12-1.149.el6_6.5
CentOS 7: glibc-2.17-55.el7_0.5
RHEL 5: glibc-2.5-123.el5_11.1
RHEL 6: glibc-2.12-1.149.el6_6.5
RHEL 7: glibc-2.17-55.el7_0.5

If the version of glibc is older than the ones listed here, your system is vulnerable to GHOST and should be updated.
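The Step 1 comparison as a script, for when the check is pushed to many hosts instead of being read by eye. This is an added example, not part of the original post: the function names are hypothetical, and the numeric field-by-field comparison is a simplification of RPM's own version ordering that is adequate for the el5/el6/el7 builds listed above.

```shell
#!/bin/sh
# Added example: classify a glibc VERSION-RELEASE string against the fixed
# builds listed in Step 1. Function names are hypothetical.

# ver_ge A B: succeed if A >= B, comparing the numeric fields left to right.
# Assumption: a simplification of RPM's version ordering (letters ignored).
ver_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[^0-9]+/); m = split(b, y, /[^0-9]+/)
        for (i = 1; i <= (n > m ? n : m); i++) {
            if (x[i] + 0 > y[i] + 0) exit 0
            if (x[i] + 0 < y[i] + 0) exit 1
        }
        exit 0
    }'
}

# fixed_build N: first fixed glibc build for EL major release N (from Step 1).
fixed_build() {
    case "$1" in
        5) echo "2.5-123.el5_11.1" ;;
        6) echo "2.12-1.149.el6_6.5" ;;
        7) echo "2.17-55.el7_0.5" ;;
        *) return 1 ;;
    esac
}

# ghost_status VERSION-RELEASE: prints patched | vulnerable | unknown.
ghost_status() {
    el=$(echo "$1" | sed -n 's/.*\.el\([0-9][0-9]*\).*/\1/p')
    fixed=$(fixed_build "$el") || { echo "unknown"; return 2; }
    if ver_ge "$1" "$fixed"; then
        echo "patched"
    else
        echo "vulnerable"; return 1
    fi
}

# Constructed sample inputs (not taken from real hosts). On a real host, feed:
#   rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc | sort -u
for v in 2.12-1.132.el6 2.12-1.149.el6_6.5 2.17-55.el7_0.7 2.5-118.el5_10.2; do
    printf '%-20s %s\n' "$v" "$(ghost_status "$v")"
done
```

A "patched" result describes the package on disk only; processes started before the update keep the old library mapped until they restart, which is what the reboot in Step 3 takes care of.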

Step 2: (as root user)

# yum update glibc nscd
Or (as a sudo user)
$ sudo yum update glibc nscd


Step 3:


# reboot
Or
$ sudo reboot



Procedure (Multiple Server with RunDeck)


Step 1:

Execute the update command from the single-server procedure on the ad-hoc tab and select all the Linux servers (refer to the screenshot below).


Step 2:

Once the above activity is completed, execute the reboot command on the ad-hoc tab (refer to the screenshot below).

It is as simple as that! Regardless of the number of servers you have, whether 100 or 1000, RunDeck will execute the commands with ease and provide real-time activity updates and logs for auditing.

* RunDeck needs public-key access to a privileged user on each server in order to execute the commands.
