Fix the New glibc Vulnerability CVE-2015-7547 in Linux
CERT has issued a vulnerability alert, VU#457759, for glibc.
glibc is installed on practically every Linux system, and its DNS resolver (the getaddrinfo() function) is vulnerable to a stack-based buffer overflow triggered by a crafted DNS response. This article explains how to fix this glibc vulnerability on your server.
This issue is documented here: CVE-2015-7547. Versions affected: all glibc releases from 2.9 through 2.22. The fix is in glibc 2.23, and the distributions have backported it to the older releases they ship.
For example, on CentOS 6, I had the following glibc 2.12 packages, which were affected by this vulnerability.
# rpm -qa | grep -i glibc
glibc-2.12-1.149.el6_6.5.x86_64
glibc-headers-2.12-1.149.el6_6.5.x86_64
glibc-common-2.12-1.149.el6_6.5.x86_64
glibc-devel-2.12-1.149.el6_6.5.x86_64
This vulnerability has been present since glibc 2.9, which was released in November 2008. Now that it is public, you should patch your systems immediately. Keep in mind that updating the package only replaces the library on disk: processes that are already running keep the old glibc mapped in memory and stay vulnerable until they are restarted, so restart every long-running service (or reboot) after the update.
For CentOS/RedHat, only versions 6 and 7 are affected. CentOS 5 (RedHat 5) and older ship glibc 2.5, which predates the bug, and are not affected. Here are the details from Red Hat: see the Red Hat CVE-2015-7547 entry. CVE-2015-5229 is a separate glibc bug (calloc() returning non-zeroed memory) that Red Hat fixed in the same RHEL 7 glibc update, so you will see both CVEs listed in that erratum.
CentOS 6 (RedHat 6)
On CentOS (or RedHat, or any other RHEL-based system), when you run yum info glibc, you will see the following new version, with this vulnerability fixed, in the "updates" repository.
# yum info glibc
Name    : glibc
Arch    : x86_64
Version : 2.12
Release : 1.166.el6_7.7
Size    : 3.8 M
Repo    : updates
Summary : The GNU libc libraries
To fix the problem, just do the following. This will update the main glibc package, and the dependent glibc-common, glibc-devel and glibc-headers packages, to the latest version with the issue fixed.
# yum -y update glibc
..
Updated:
  glibc.x86_64 0:2.12-1.166.el6_7.7
Dependency Updated:
  glibc-common.x86_64 0:2.12-1.166.el6_7.7
  glibc-devel.x86_64 0:2.12-1.166.el6_7.7
  glibc-headers.x86_64 0:2.12-1.166.el6_7.7
Confirm that the installed package really carries the fix by searching its changelog for the CVE; the command should print at least one matching entry:
# rpm -q --changelog glibc | grep CVE-2015-7547
Note: If yum does not show the new version, your yum metadata cache is probably stale. Clear it and then run the update again:
yum clean all
yum -y update glibc
CentOS 7 (RedHat 7)
On CentOS 7, I had the following version, which was affected by this vulnerability.
# cat /etc/redhat-release
CentOS Linux release 7.2.1511 (Core)
# rpm -qa | grep -i glibc
glibc-2.17-106.el7_2.1.x86_64
glibc-devel-2.17-106.el7_2.1.x86_64
glibc-common-2.17-106.el7_2.1.x86_64
glibc-headers-2.17-106.el7_2.1.x86_64
Do the following to fix the problem on CentOS 7.
yum clean all
yum -y update glibc
The above will install the following version, where this vulnerability is fixed:
# rpm -qa | grep glibc
glibc-common-2.17-106.el7_2.4.x86_64
glibc-2.17-106.el7_2.4.x86_64
glibc-headers-2.17-106.el7_2.4.x86_64
glibc-devel-2.17-106.el7_2.4.x86_64
Note: If your system is not connected to the internet, or you do not pull live updates from a repository, log in to the Red Hat Customer Portal, click Downloads, then "RPM Search", search for the new glibc version, download the RPM packages and install them on your system manually (for CentOS, fetch the same packages from the updates directory of a CentOS mirror). Download all four packages (glibc, glibc-common, glibc-devel and glibc-headers) at the same release, because rpm will refuse to upgrade glibc alone while the other three stay at the old release, and verify their signatures with rpm -K before installing.
For example, download the following RPM packages for CentOS/RedHat 6 from the Red Hat support site, and install them with the rpm command as shown below.
# ls -1
glibc-2.12-1.166.el6_7.7.x86_64.rpm
glibc-common-2.12-1.166.el6_7.7.x86_64.rpm
glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm
glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm
# rpm -Uvh glibc-*
Preparing...                ################# [100%]
   1:glibc-common           ################# [ 25%]
   2:glibc                  ################# [ 50%]
   3:glibc-headers          ################# [ 75%]
   4:glibc-devel            ################# [100%]
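The following POSIX shell script is an added example, not part of the original article, that automates the two checks the CentOS sections above do by hand: it decides whether an installed EL6/EL7 glibc is at or above the release that fixes CVE-2015-7547 (the fixed releases 2.12-1.166.el6_7.7 and 2.17-106.el7_2.4 are the ones from the yum output above), and it lists processes that still have the old, now-deleted libc mapped after "yum update glibc" and therefore need a restart. The function names (vercmp, glibc_patched, stale_libc_procs) are mine, and vercmp() is a simplified form of rpm's version comparison that is sufficient for these version strings.

```shell
#!/bin/sh
# Added example (not from the original article): is the installed EL6/EL7 glibc
# fixed for CVE-2015-7547, and which processes still run the old library?
# Fixed releases are taken from the article's yum output. vercmp() mimics
# rpm's rpmvercmp closely enough for these strings but is not a full port.

# Compare two RPM "version-release" strings. Segments are split on runs of
# non-alphanumerics; numeric segments compare numerically, others lexically,
# and a missing segment sorts before a present one (2.17-106.el7 < .el7_2.4).
# Prints -1, 0 or 1 for a < b, a == b, a > b.
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, /[^0-9A-Za-z]+/)
        m = split(b, y, /[^0-9A-Za-z]+/)
        for (i = 1; i <= n || i <= m; i++) {
            p = x[i]; q = y[i]
            if (p == q) continue
            if (p ~ /^[0-9]+$/ && q ~ /^[0-9]+$/) r = (p + 0 < q + 0) ? -1 : 1
            else r = (p < q) ? -1 : 1
            print r; exit
        }
        print 0
    }'
}

# Minimum fixed glibc version-release for the EL major named in the release
# tag of the installed package (values from the article). Fails for other builds.
fixed_release_for() {
    case "$1" in
        *.el6*) echo "2.12-1.166.el6_7.7" ;;
        *.el7*) echo "2.17-106.el7_2.4" ;;
        *) return 1 ;;
    esac
}

# glibc_patched "<version-release>": exit 0 = patched, 1 = vulnerable,
# 2 = not an EL6/EL7 build (consult the vendor advisory instead).
glibc_patched() {
    fixed=$(fixed_release_for "$1") || return 2
    [ "$(vercmp "$1" "$fixed")" -ge 0 ]
}

# After the update the old libc file is unlinked, so /proc/<pid>/maps shows its
# mapping as "(deleted)" in every process that loaded it before the update.
# Those processes keep executing the vulnerable code until restarted.
stale_libc_procs() {
    for maps in /proc/[0-9]*/maps; do
        pid=${maps#/proc/}; pid=${pid%/maps}
        if grep -q '/libc[-.][^ ]* (deleted)$' "$maps" 2>/dev/null; then
            printf '%s %s\n' "$pid" \
                "$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null | cut -c1-60)"
        fi
    done
}

# When run directly on an RPM-based host, report this machine's state.
if command -v rpm >/dev/null 2>&1; then
    installed=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' glibc 2>/dev/null | head -n1)
    rc=0; glibc_patched "$installed" || rc=$?
    case $rc in
        0) echo "glibc $installed: contains the fix for CVE-2015-7547" ;;
        2) echo "glibc $installed: not an EL6/EL7 build, check your vendor advisory" ;;
        *) echo "glibc $installed: VULNERABLE, run: yum clean all && yum -y update glibc" ;;
    esac
    echo "processes still mapping a replaced libc (restart them, or reboot):"
    stale_libc_procs
fi
```

Run it once before the update to see the vulnerable verdict, and once after: an empty stale-process list means every process has picked up the fixed library; anything still listed (sshd, httpd, database daemons, and init itself on a long-running box) has to be restarted, which in practice usually means a reboot.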
Debian and Ubuntu
On Debian-based systems, use the apt-get command. The C library package is named libc6 (built from the glibc or eglibc source package), so apt-get install glibc finds nothing to install. Refresh the package lists first, and then either upgrade only libc6, or use this opportunity to upgrade all packages on the system, as shown below:
sudo apt-get update
sudo apt-get -u install libc6
sudo apt-get -u upgrade
For Debian, look at the CVE-2015-7547 entry in the Debian security tracker, which shows the exact glibc or eglibc version in which this issue is fixed for each release, and see Debian security advisory DSA-3480 for more details. The CVE-2015-0235 tracker entry and DSA-3142 linked below are for "GHOST", an earlier, separate bug in gethostbyname(); do not confuse the two. After the upgrade, check the installed version with dpkg -s libc6 and compare it with the fixed version listed in the tracker; the same applies to libc6 on Ubuntu. As on CentOS, restart services (or reboot) afterwards, because running processes keep the old library mapped.
Additional Information
For those who are interested, here is some additional reading about this vulnerability. Note that the items about gethostbyname() and "GHOST" describe CVE-2015-0235, an earlier and separate glibc resolver bug; CVE-2015-7547 is in getaddrinfo().
- [PATCH] CVE-2015-7547 — glibc getaddrinfo() stack-based buffer overflow By Carlos O’Donell: A back of the envelope analysis shows that it should be possible to write correctly formed DNS responses with attacker controlled payloads that will penetrate a DNS cache hierarchy and therefore allow attackers to exploit machines behind such caches.
- From Debian DSA-3142: Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18, allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka “GHOST.”
- From Sourceware Bugzilla – Bug 18665, by Robert: A condition occurs when the recvfrom function receives data using a newly created buffer but does not use the newly created buffer size; the buffer is then accessed and causes the program to crash.
- From Debian Security Tracker: Qualys discovered that the gethostbyname and gethostbyname2 functions were subject to a buffer overflow if provided with a crafted IP address argument. This could be used by an attacker to execute arbitrary code in processes which called the affected functions.
- Google online security blog: CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow