oss-sec mailing list archives
Re: workaround for GHOST glibc vulnerability CVE-2015-0235
From: Constantine Shulyupin <const () makelinux com>
Date: Tue, 3 Feb 2015 13:15:17 +0200
Added static, thank. You are right, gethostbyname is vulnerable too, but less. gethostbyname is implemented in http://osxr.org/glibc/source/nss/getXXbyYY.c?v=glibc-2.17#0101 It allocates buffer from heap, not stack, which is less danger. Actually the bug is in __nss_hostname_digits_dots @ http://osxr.org/glibc/source/nss/digits_dots.c?v=glibc-2.17#0036. Is it much more complex and dangerous to overload __nss_hostname_digits_dots. Better upgrade to newer glibc. Thanks On Tue, Feb 3, 2015 at 12:30 PM, Florian Weimer <fweimer () redhat com> wrote:
On 02/02/2015 03:52 PM, Constantine Shulyupin wrote:CVE-2015-0235-workaround is a shared library wrapper with additionalchecksfor the vulnerable functions gethostbyname2_r and gethostbyname_r . The proper solution for CVE-2015-0235 is to upgrade glibc to at least glibc-2.18. In some cases, an immediate glibc upgrade is not possible, for example in custom production embedded systems, because such an upgrade requires a validation of the whole system. In such cases, this workaround provides a hot fix solution, which iseasierto validate. Source code: https://github.com/makelinux/CVE-2015-0235-workaroundYou should make all symbols static. With the current code, you risk symbol collisions. Why don't you hook gethostbyname? I'm not sure if gethosybyname is implement in terms of gethostbyname_r. (The call stacks I have suggest it isn't.) -- Florian Weimer / Red Hat Product Security
-- Constantine Shulyupin http://www.MakeLinux.com/ Embedded Linux Systems and Device Drivers
Current thread:
- workaround for GHOST glibc vulnerability CVE-2015-0235 Constantine Shulyupin (Feb 02)
- Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Florian Weimer (Feb 03)
- Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Constantine Shulyupin (Feb 03)
- Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Qualys Security Advisory (Feb 03)
- Re: workaround for GHOST glibc vulnerability CVE-2015-0235 Florian Weimer (Feb 03)