The GHOST vulnerability [CVE-2015-0235] can be exploited on Linux systems that use versions of the GNU C Library prior to glibc-2.18. Systems that use an unpatched version of glibc from versions 2.2 to 2.17 are at risk.

Its a buffer overflow bug affecting the gethostbyname() and gethostbyname2() function calls. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Check System Vulnerability

To test if your servers are vulnerable to GHOST, check the version of glibc that is in use.

Ubuntu & Debian

To check the version of glibc run the following command:

ldd --version

The first line of the output will contain the version of eglibc, the variant of glibc that Ubuntu and Debian use. for example:

ldd (Ubuntu EGLIBC 2.15-0ubuntu10.10) 2.15
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

If the version of eglibc matches, or is more recent than the ones listed here, you are safe from the GHOST vulnerability:

  • Ubuntu 12.04 LTS: 2.15-0ubuntu10.10
  • Ubuntu 10.04 LTS: 2.11.1-0ubuntu7.20
  • Debian 7 LTS: 2.13-38+deb7u7

If the version of eglibc is older than the ones listed here, your system is vulnerable to GHOST and should be updated.

Continue reading

You can follow the instructions below to set a custom php.ini file per user when using FastCGI with cPanel on your server.

Step 1 – Make a backup copy of your cPanel PHP wrapper script:

cp -frp /usr/local/cpanel/cgi-sys/php5 /usr/local/cpanel/cgi-sys/php5.bk

Step 2 – Edit the cPanel PHP wrapper script:

vim /usr/local/cpanel/cgi-sys/php5

Add the following line above exec /usr/bin/php:

[[ -f ~/public_html/php.ini ]] && exec /usr/bin/php -c ~/public_html/php.ini

The file should now look like:

#!/bin/sh

# If you customize the contents of this wrapper script, place
# a copy at /var/cpanel/conf/apache/wrappers/php5
# so that it will be reinstalled when Apache is updated or the
# PHP handler configuration is changed

[[ -f ~/public_html/php.ini ]] && exec /usr/bin/php -c ~/public_html/php.ini
exec /usr/bin/php

Step 3 – Now you will want to copy the PHP wrapper script to a more permanent location. This will ensure the settings are saved if you ever recompile Apache.

Continue reading