The GHOST vulnerability [CVE-2015-0235] can be exploited on Linux systems that use versions of the GNU C Library prior to glibc-2.18. Systems that use an unpatched version of glibc from versions 2.2 to 2.17 are at risk.

It is a buffer overflow bug affecting the gethostbyname() and gethostbyname2() function calls. This vulnerability allows a remote attacker who is able to make an application call either of these functions to execute arbitrary code with the permissions of the user running the application.

Check System Vulnerability

To test if your servers are vulnerable to GHOST, check the version of glibc that is in use.

Ubuntu & Debian

To check the version of glibc run the following command:

ldd --version

The first line of the output will contain the version of eglibc, the variant of glibc that Ubuntu and Debian use. For example:

ldd (Ubuntu EGLIBC 2.15-0ubuntu10.10) 2.15
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO
warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.

If the version of eglibc matches, or is more recent than the ones listed here, you are safe from the GHOST vulnerability:

  • Ubuntu 12.04 LTS: 2.15-0ubuntu10.10
  • Ubuntu 10.04 LTS: 2.11.1-0ubuntu7.20
  • Debian 7 LTS: 2.13-38+deb7u7

If the version of eglibc is older than the ones listed here, your system is vulnerable to GHOST and should be updated.
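The comparison described above can be scripted. This is an added example, not part of the original post: it parses the first line of ldd --version and compares it with the fixed versions listed above. The release keys (ubuntu-12.04, ubuntu-10.04, debian-7) and function names are hypothetical, and the sort -V fallback is an approximation of Debian version ordering.

```bash
#!/bin/sh
# Added example: compare an eglibc package version with the fixed versions
# listed on this page. Release keys and function names are hypothetical.

# Fixed versions, copied from the list above.
fixed_version() {
    case "$1" in
        ubuntu-12.04) echo "2.15-0ubuntu10.10" ;;
        ubuntu-10.04) echo "2.11.1-0ubuntu7.20" ;;
        debian-7)     echo "2.13-38+deb7u7" ;;
        *)            return 1 ;;
    esac
}

# Extract the package version from the first line of `ldd --version`, e.g.
# "ldd (Ubuntu EGLIBC 2.15-0ubuntu10.10) 2.15" -> "2.15-0ubuntu10.10".
parse_ldd_version() {
    sed -n '1s/^ldd (.*[[:space:]]\([^[:space:])]*\)).*$/\1/p'
}

# Return 0 if version $1 >= version $2. Uses dpkg's own comparison when it is
# available; otherwise falls back to GNU `sort -V`, which orders the version
# strings listed here correctly but is not a full Debian version comparator.
version_ge() {
    if command -v dpkg >/dev/null 2>&1; then
        dpkg --compare-versions "$1" ge "$2"
    else
        [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
    fi
}

# Print "patched", "vulnerable" or "unknown-release" for a release key and
# an installed package version.
ghost_status() {
    ghost_fixed=$(fixed_version "$1") || { echo "unknown-release"; return 2; }
    if version_ge "$2" "$ghost_fixed"; then
        echo "patched"
    else
        echo "vulnerable"
    fi
}

# Runs only when a release key is given, e.g.: sh ghost-check.sh ubuntu-12.04
if [ -n "${1:-}" ]; then
    ghost_status "$1" "$(ldd --version | parse_ldd_version)"
fi
```

A plain string comparison would rank 2.15-0ubuntu10.9 above 2.15-0ubuntu10.10, which is why the script uses a version-aware comparison.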


On September 24, 2014, a GNU Bash vulnerability, referred to as Shellshock or the “Bash Bug”, was disclosed. In short, the vulnerability allows remote attackers to execute arbitrary code given certain conditions. Because of Bash’s ubiquitous status amongst Linux, BSD, and Mac OS X distributions, many computers are vulnerable to Shellshock; all unpatched Bash versions from 1.14 through 4.3 (i.e. all releases until now) are at risk.

A detailed description of the bug can be found at CVE-2014-6271, CVE-2014-7169, CVE-2014-7186, and CVE-2014-7187.

Check System Vulnerability

You may check for the Shellshock vulnerability by running the following command at the bash prompt:

env 'VAR=() { :;}; echo Bash is vulnerable!' 'FUNCTION()=() { :;}; echo Bash is vulnerable!' bash -c "echo Bash Test"

The echo Bash is vulnerable! portion of the command represents where a remote attacker could inject malicious code. Therefore, if you see the following output, your version of Bash is vulnerable and should be updated:

Bash is vulnerable!
Bash Test

If the only output from the test command is the following, your Bash is safe from Shellshock:

Bash Test


On April 7, 2014, a vulnerability [CVE-2014-0160 – known as Heartbleed] was disclosed that could allow attackers to view sensitive information in a server’s memory such as secret keys and passwords. There are a million and 1 posts around the internet now with more details on this vulnerability so I am not going to go into details here.

You will find a nice tool on GitHub to test if your system is vulnerable. To use this tool you must have Go 1.2.x installed.