[Beowulf] glibc gethostbyname() et. al security vulnerability - GHOST
Christopher Samuel
samuel at unimelb.edu.au
Tue Jan 27 19:51:06 PST 2015
Hi folks,

Just in case you've not seen the latest remotely exploitable security
vulnerability that came out today - been in glibc since 2000:

http://www.openwall.com/lists/oss-security/2015/01/27/9

# - Despite these limitations, arbitrary code execution can be achieved.
# As a proof of concept, we developed a full-fledged remote exploit
# against the Exim mail server, bypassing all existing protections
# (ASLR, PIE, and NX) on both 32-bit and 64-bit machines. We will
# publish our exploit as a Metasploit module in the near future.

Updates are out for RHEL 5, 6 & 7 as well as Debian Wheezy.

Some more useful info from the discoverers about services they *suspect*
may not be vulnerable:

http://seclists.org/oss-sec/2015/q1/283

# Here is a list of potential targets that we investigated (they
# all call gethostbyname, one way or another), but to the best
# of our knowledge, the buffer overflow cannot be triggered in
# any of them:
#
# apache, cups, dovecot, gnupg, isc-dhcp, lighttpd, mariadb/mysql,
# nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd,
# pure-ftpd, rsyslog, samba, sendmail, sysklogd, syslog-ng,
# tcp_wrappers, vsftpd, xinetd.
#
# That being said, we believe it would be interesting if other
# people could have a look, just in case we missed something.

--
Christopher Samuel Senior Systems Administrator
VLSCI - Victorian Life Sciences Computation Initiative
Email: samuel at unimelb.edu.au Phone: +61 (0)3 903 55545
http://www.vlsci.org.au/ http://twitter.com/vlsci