{"id":778,"date":"2021-07-23T12:37:56","date_gmt":"2021-07-23T12:37:56","guid":{"rendered":"https:\/\/ssdsunucum.com\/blog\/cve-2015-2035-ghost\/"},"modified":"2021-07-23T12:37:56","modified_gmt":"2021-07-23T12:37:56","slug":"cve-2015-2035-ghost","status":"publish","type":"post","link":"https:\/\/ssdsunucum.com\/blog\/cve-2015-2035-ghost\/","title":{"rendered":"CVE-2015-0235-GHOST"},"content":{"rendered":"<\/p>\n<div class=\"col-md-9\">\n<div class=\"flex-column flex-md-row article-header\"><\/div>\n<hr>\n<div class=\"callout callout-info\">\n<div class=\"callout-heading\">Note:<\/div>\n<div class=\"callout-content\">\n        RESOLVED  This article will receive no further updates at this time.\n    <\/div>\n<\/div>\n<h2 id=\"background-information\">Background Information<\/h2>\n<p>On 27 January 2015, a vulnerability in all versions of the GNU C library (<code>glibc<\/code>) was announced by Qualys. The issue was a buffer overflow during DNS hostname resolution. Disclosure of this issue was coordinated with the various operating system vendors and patches were made available by RedHat soon after the initial announcement went out.<\/p>\n<h2 id=\"impact\">Impact<\/h2>\n<p>According to Qualys, this vulnerability allows unauthenticated remote code execution in any daemons or services that perform hostname lookups using the vulnerable functions in the GNU C library. This library is at the core of most services and software that runs on Linux systems.<\/p>\n<p>Qualys developed working attacks for the EXIM mail transport agent that all cPanel &#038; WHM systems use. Qualys also created a Metasploit module to make testing or exploitation of the vulnerability straightforward for an attacker. 
At present, Qualys has not released any attack code, only detailed analysis of the flaw and its impact.<\/p>\n<h2 id=\"how-to-determine-if-your-server-is-affected\">How to determine if your server is affected<\/h2>\n<p>The updated RPMs provided by RedHat, CentOS, and CloudLinux should contain a changelog entry with the CVE number. You can check for this changelog entry with the following command: <\/p>\n<div class=\"highlight\">\n<pre style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4\"><code class=\"language-perl\" data-lang=\"perl\">rpm <span style=\"color:#f92672\">-<\/span><span style=\"color:#e6db74\">q --changelog <\/span>glibc <span style=\"color:#f92672\">|<\/span> grep CVE<span style=\"color:#f92672\">-<\/span><span style=\"color:#ae81ff\">2015<\/span><span style=\"color:#f92672\">-<\/span><span style=\"color:#ae81ff\">0235<\/span><\/code><\/pre>\n<\/div>\n<p>If a changelog line appears, the server has the updated RPMs installed.<\/p>\n<h2 id=\"resolution\">Resolution<\/h2>\n<p>cPanel, L.L.C. does <strong>not<\/strong> provide the <code>glibc<\/code> RPM. 
It is provided by the vendor of the operating system where cPanel &#038; WHM is installed.<\/p>\n<p>To fix this issue, run the following commands:\n<\/p>\n<div class=\"highlight\">\n<pre style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4\"><code class=\"language-perl\" data-lang=\"perl\">yum clean all ; yum update glibc<\/code><\/pre>\n<\/div>\n<p>Verify again that the new glibc RPM was installed:\n<\/p>\n<div class=\"highlight\">\n<pre style=\"color:#f8f8f2;background-color:#272822;-moz-tab-size:4;-o-tab-size:4;tab-size:4\"><code class=\"language-perl\" data-lang=\"perl\">rpm <span style=\"color:#f92672\">-<\/span><span style=\"color:#e6db74\">q --changelog <\/span>glibc <span style=\"color:#f92672\">|<\/span> grep CVE<span style=\"color:#f92672\">-<\/span><span style=\"color:#ae81ff\">2015<\/span><span style=\"color:#f92672\">-<\/span><span style=\"color:#ae81ff\">0235<\/span><\/code><\/pre>\n<\/div>\n<p>Then reboot the server or manually restart all running services. RHEL-based systems do not restart running daemons when <code>libc<\/code> is updated, so processes started before the update keep using the old library until they are restarted.<\/p>\n<\/p><\/div>\n","protected":false},"excerpt":{"rendered":"<p>Note: RESOLVED This article will receive no further updates at this time. Background Information On 27 January 2015, a vulnerability in all versions of the GNU C library (glibc) was announced by Qualys. The issue was a buffer overflow during DNS hostname resolution. 
Disclosure of this issue was coordinated with the various operating system vendors &hellip;<\/p>\n","protected":false},"author":1,"featured_media":779,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[1],"tags":[],"amp_enabled":true,"_links":{"self":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/778"}],"collection":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/comments?post=778"}],"version-history":[{"count":0,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/posts\/778\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media\/779"}],"wp:attachment":[{"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/media?parent=778"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/categories?post=778"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/ssdsunucum.com\/blog\/wp-json\/wp\/v2\/tags?post=778"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}