GHost Vulnerability and its mitigation using RunDeck
8KMiles always thrive to simplify the complex process and procedures, likewise we have come up with a simple solution to fix the GHost vulnerability which has affected millions of Linux systems across the globe. Applying patch to an single server is a cakewalk however consider patching hundreds and thousands of servers.
|Operating Systems Affected||Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04|
|Documented Operating System||RHEL (v5)|
|Vulnerable Software||glibc-2.2, released on November 10, 2000 and nscd|
|Fixed Software Version||glibc-2.5 and latest nscd|
A GNU C Library (glibc) vulnerability (CVE-2015-0235), referred to as the GHOST vulnerability, was announced to the general public. In summary, the vulnerability allows remote attackers to take complete control of a system by exploiting a buffer overflow bug in glibc’s GetHOST functions (hence the name)
Procedure (Single Server)
The following procedure was performed on RHEL/CentOS (v5) Operating Systems
Check for the glibc version
#rpm -q glibc
If the version of glibc matches, or is more recent than, the ones listed here, you are safe from the GHOST vulnerability:
CentOS 6: glibc-2.12-1.149.el6_6.5
CentOS 7: glibc-2.17-55.el7_0.5
RHEL 5: glibc-2.5-123.el5_11.1
RHEL 6: glibc-2.12-1.149.el6_6.5
RHEL 7: glibc-2.17-55.el7_0.5
If the version of glibc is older than the ones listed here, your system is vulnerable to GHOST and should be updated.
Step 2: (as root user)
# yum update glibc nscd
Or (sudo user)
# sudo yum update glibc nscd
Procedure (Multiple Server with RunDeck)
Execute the command on the ad-hoc tab and choose all the Linux Servers, refer the screenshot below
Once the above activity is completed, execute the reboot command on the ad-hoc tab, refer the screenshot below
As simple as that! immaterial of the number of servers you have, whether 100 or 1000, RunDeck will execute the commands with ease and provide real-time activity update and logs for auditing.
* RunDeck should have public keys to access the privileged User on the Server to execute commands
Please Contact 8KMiles to make things simple and experience our Operations Automation expertise.