GHost Vulnerability and its mitigation using RunDeck

8KMiles always strives to simplify complex processes and procedures. Likewise, we have come up with a simple solution to fix the GHost vulnerability, which has affected millions of Linux systems across the globe. Applying a patch to a single server is a cakewalk; now consider patching hundreds and thousands of servers.

 

Synopsis

 

Item | Description
Vulnerability | GHost
CVE ID | CVE-2015-0235
Operating Systems Affected | Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04
Documented Operating System | RHEL (v5)
Vulnerable Software | glibc-2.2, released on November 10, 2000 and nscd
Fixed Software Version | glibc-2.5 and latest nscd

 

Summary

A GNU C Library (glibc) vulnerability (CVE-2015-0235), referred to as the GHOST vulnerability, was announced to the general public. In summary, the vulnerability allows remote attackers to take complete control of a system by exploiting a buffer overflow bug in glibc's GetHOST functions (hence the name).

Procedure (Single Server)

 

The following procedure was performed on RHEL/CentOS (v5) operating systems.

Step 1:

 

Check for the glibc version

# rpm -q glibc

If the version of glibc matches, or is more recent than, the ones listed here, you are safe from the GHOST vulnerability:

CentOS 6: glibc-2.12-1.149.el6_6.5

CentOS 7: glibc-2.17-55.el7_0.5

RHEL 5: glibc-2.5-123.el5_11.1

RHEL 6: glibc-2.12-1.149.el6_6.5

RHEL 7: glibc-2.17-55.el7_0.5

 

If the version of glibc is older than the ones listed here, your system is vulnerable to GHOST and should be updated.
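
The comparison in Step 1 can be scripted when there are many hosts to check. The script below is an added example, not part of the original post: the function names (vercmp, ghost_status, fleet_report) and the sample host lines are constructed for illustration, and the version ordering is a simplified approximation of RPM's own comparison.

```sh
#!/bin/sh
# Added example: classify `rpm -q glibc` output against the fixed builds in Step 1.

# vercmp A B: prints -1, 0 or 1. Simplified RPM-style ordering (assumption: no
# epoch or "~" handling): split on punctuation and digit/letter boundaries,
# compare numeric segments as numbers and alphabetic ones as strings; a numeric
# segment beats an alphabetic one, and extra trailing segments mean "newer".
vercmp() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        gsub(/[^A-Za-z0-9]+/, " ", a); gsub(/[0-9]+/, " & ", a); na = split(a, A, " ")
        gsub(/[^A-Za-z0-9]+/, " ", b); gsub(/[0-9]+/, " & ", b); nb = split(b, B, " ")
        r = 0
        for (i = 1; r == 0 && i <= na && i <= nb; i++) {
            x = A[i]; y = B[i]
            xn = (x ~ /^[0-9]+$/); yn = (y ~ /^[0-9]+$/)
            if (xn && yn)      r = (x + 0 < y + 0) ? -1 : (x + 0 > y + 0)
            else if (xn != yn) r = xn ? 1 : -1
            else               r = (x < y) ? -1 : (x > y)
        }
        if (r == 0 && na != nb) r = (na < nb) ? -1 : 1
        print r
    }'
}

# ghost_status PKG: PKG is one line of `rpm -q glibc` output.
ghost_status() {
    pkg=${1#glibc-}
    case $pkg in *.x86_64|*.i686|*.i386) pkg=${pkg%.*} ;; esac   # drop arch
    case $pkg in                     # fixed builds as listed on this page
        *.el5*) fixed=2.5-123.el5_11.1 ;;
        *.el6*) fixed=2.12-1.149.el6_6.5 ;;
        *.el7*) fixed=2.17-55.el7_0.5 ;;
        *) echo UNKNOWN; return ;;
    esac
    if [ "$(vercmp "$pkg" "$fixed")" -lt 0 ]; then echo VULNERABLE; else echo PATCHED; fi
}

# fleet_report: reads "<host> <package>" lines, prints "<host> <status>".
fleet_report() {
    while read -r host pkg; do echo "$host $(ghost_status "$pkg")"; done
}

# Constructed sample input (hypothetical hosts), one line per server.
sample='web01 glibc-2.12-1.132.el6.x86_64
web02 glibc-2.12-1.149.el6_6.5.x86_64
db01 glibc-2.5-118.el5_10.2
app01 glibc-2.17-78.el7.x86_64'
printf '%s\n' "$sample" | fleet_report
```

A PATCHED result only describes the package on disk; processes started before the update keep the old library loaded until they restart, which is why the procedure ends with a reboot.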

 

Step 2: (as root user)

 

# yum update glibc nscd

Or (sudo user)

$ sudo yum update glibc nscd

 

 

Step 3:

 

# reboot

Or

$ sudo reboot

 

 

 

Procedure (Multiple Server with RunDeck)

 

Step 1:

Execute the update command on the ad-hoc tab and choose all the Linux servers (refer to the screenshot below).

 

Step 2:

Once the above activity is completed, execute the reboot command on the ad-hoc tab (refer to the screenshot below).

As simple as that! Irrespective of the number of servers you have, whether 100 or 1000, RunDeck will execute the commands with ease and provide real-time activity updates and logs for auditing.

* RunDeck needs public-key access to the privileged user on each server to execute commands.

 

Please Contact 8KMiles to make things simple and experience our Operations Automation expertise.

  • January 29, 2015