Glibc GHOST Vulnerability # CVE-2015-0235

A very serious vulnerability was found and patched in the GNU C Library (glibc) on 27th January 2015. A heap-based buffer overflow was found in __nss_hostname_digits_dots(), which is used by the gethostbyname() and gethostbyname2() glibc function calls. An attacker can use this vulnerability to execute arbitrary code. You can test whether your system is affected using the following C code.

#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>

/* Canary string placed directly after the lookup buffer: if the overflow
 * happens it is overwritten, and the strcmp() below detects the change. */
#define GHOST "another_bug_here"

struct {
    char buff[1024];
    char bughost[sizeof(GHOST)];
} xx = { "buff", GHOST };

int main(void) {
    struct hostent buffer;
    struct hostent *value;
    int herrno;
    int val;

    /* Hostname length chosen so that the buffer is exactly one pointer
     * too small once glibc stores the alias list and address pointers. */
    size_t len = sizeof(xx.buff) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1;
    char buff_name[sizeof(xx.buff)];
    memset(buff_name, '0', len);   /* an all-digit "hostname" takes the digits-and-dots path */
    buff_name[len] = '\0';

    val = gethostbyname_r(buff_name, &buffer, xx.buff, sizeof(xx.buff), &value, &herrno);

    if (strcmp(xx.bughost, GHOST) != 0) {
        puts("vulnerable");          /* canary was overwritten by the overflow */
        exit(0);
    }
    if (val == ERANGE) {
        puts("not vulnerable");      /* patched glibc rejects the undersized buffer */
        exit(0);
    }
    puts("should not happen");
    return 1;
}

Compile and run it, and it will tell you whether the glibc on your system has been patched. To fix the vulnerability, run the following commands as root.

sudo apt-get clean
sudo apt-get update
sudo apt-get upgrade

Optionally you can also run sudo apt-get dist-upgrade to upgrade your kernel afterwards. Note that processes which were already running keep the old glibc mapped in memory until they are restarted, so restart the affected services (or reboot) after the upgrade.
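Upgrading libc6 replaces the file on disk, but running processes keep the old copy mapped, and the kernel marks such mappings "(deleted)" in /proc/PID/maps. The script below, an added example that is not part of the original post, finds those processes; the maps lines it tests itself against are constructed samples, and the library filename in them is a made-up version, not one from the advisory.

```shell
#!/bin/sh
# Added example (not from the original post): report processes that still
# have a replaced (deleted) glibc mapped after "apt-get upgrade".

# Returns 0 (true) if the given maps file contains a libc mapping whose
# backing file has been replaced on disk. Matches libc-<ver>.so and libc.so.6
# but not other libraries such as libcrypto.
maps_has_stale_libc() {
    grep -q -E '/libc(-[0-9.]+)?\.so[^ ]* \(deleted\)$' "$1"
}

# Walk every process. Reading other users' maps requires root.
# Prints "<pid> <command>" for each process that needs a restart.
list_stale_libc_pids() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}
        pid=${pid%/maps}
        if maps_has_stale_libc "$maps" 2>/dev/null; then
            comm=$(cat "/proc/$pid/comm" 2>/dev/null)
            printf '%s %s\n' "$pid" "$comm"
        fi
    done
}

# Constructed sample maps files for offline demonstration (addresses,
# inode numbers and the libc version are invented).
STALE_MAPS=$(mktemp)
printf '%s\n' \
  '7f1a2b3c4000-7f1a2b5f8000 r-xp 00000000 08:01 1311235 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)' \
  '7f1a2b800000-7f1a2b801000 rw-p 00000000 00:00 0' > "$STALE_MAPS"

FRESH_MAPS=$(mktemp)
printf '%s\n' \
  '7f1a2b3c4000-7f1a2b5f8000 r-xp 00000000 08:01 1311240 /lib/x86_64-linux-gnu/libc-2.19.so' \
  '7f1a2c000000-7f1a2c200000 r-xp 00000000 08:01 1311300 /usr/lib/libcrypto.so.1 (deleted)' \
  '7f1a2b900000-7f1a2b901000 rw-p 00000000 08:01 22 /tmp/scratch (deleted)' > "$FRESH_MAPS"

if maps_has_stale_libc "$STALE_MAPS"; then echo "sample 1: stale libc"; fi
if maps_has_stale_libc "$FRESH_MAPS"; then echo "sample 2: stale libc"; else echo "sample 2: clean"; fi

# On a real system, list the processes that must be restarted.
list_stale_libc_pids
```

Run it as root after the upgrade; an empty process list means nothing is still using the old library.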

Jay Kumar