Huge Linux security exploit in glibc library (CVE-2015-7547)

[KuJoe]

Apparently the exploit was reported last July but just patched in the last 24 hours. It's a remote code execution exploit so this can be nasty over the next few days.

 

Quote

The glibc DNS client side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used. Software using this function may be exploited with attacker-controlled domain names, attacker-controlled DNS servers, or through a man-in-the-middle attack.

 

Quote

A back of the envelope analysis shows that it should be possible to write correctly formed DNS responses with attacker controlled payloads that will penetrate a DNS cache hierarchy and therefore allow attackers to exploit machines behind such caches,” O’Donnell said. It’s likely that all Linux servers and web frameworks such as Rails, PHP and Python are affected, as well as Android apps running glibc.

 

SOURCES:

https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

https://threatpost.com/critical-glibc-vulnerability-puts-all-linux-machines-at-risk/116261/

 

 

For those interested, these are the patched versions of glibc on Debian and CentOS (along with how to check):

 

Command to check for CentOS: rpm -qa | grep glibc
CentOS 6 = glibc-2.12-1.166.el6_7.7
CentOS 7 = glibc-2.17-106.el7_2.4

 

Command to check for Debian: dpkg -s libc-bin | grep Version
Debian 6 = 2.11.3-4+deb6u11
Debian 7 = 2.13-38+deb7u10
Debian 8 = 2.19-18+deb8u3
Debian Sid = 2.21-8

 

Edited February 17, 2016 by KuJoe
Found another source with more information and a better explanation for the non-linux savvy.

[RazeG3SG1]

11 minutes ago, KuJoe said:

Apparently the exploit was reported last July but just patched in the last 24 hours. It's a remote code execution exploit so this can be nasty over the next few days.

 

 

 

SOURCES:

https://googleonlinesecurity.blogspot.com/2016/02/cve-2015-7547-glibc-getaddrinfo-stack.html

https://threatpost.com/critical-glibc-vulnerability-puts-all-linux-machines-at-risk/116261/

 

 

For those interested, these are the patched versions of glibc on Debian and CentOS (along with how to check):

 

Command to check for CentOS: rpm -qa | grep glibc
CentOS 6 = glibc-2.12-1.166.el6_7.7
CentOS 7 = glibc-2.17-106.el7_2.4

 

Command to check for Debian: dpkg -s libc-bin | 

Don't worry, there are probably thousands of neckbeards working on this now. 

#opensource

[KuJoe]

@RazeG3SG1 working on what exactly? A patch that's already been released publicly or a time machine to fix it back when it was reported?

[DimasRMDO]

1 hour ago, KuJoe said:

Apparently the exploit was reported last July but just patched in the last 24 hours.

 

 

 

[rEaGeNeReary]

Ooh. burn.

[patrickjp93]

When you consider people are working round the clock to find security flaws and there are equally as many people trying to patch them, I think we'd be horrified to know just how many flaws there are.

[KuJoe]

Just now, patrickjp93 said:

When you consider people are working round the clock to find security flaws and there are equally as many people trying to patch them, I think we'd be horrified to know just how many flaws there are.

I agree, but flaws like this are more scary because this is a widely used library that's fundamental to the most common Linux applications. It's also very similar to the GHOST exploit which was released around this time last year.