GHOST

From TBwiki
(Difference between revisions)
Jump to: navigation, search
(Fixed vulnerability script)
(Added the possibility to update through the WebPortal)
Line 14: Line 14:
  
 
= Update procedure =
 
= Update procedure =
 +
The operator can use one of the two methods available: GUI/WebPortal or command line interface.
 +
 +
== WebPortal - TMG unit or Linux server '''with access to Internet''' (i.e. with DNS configured) ==
 +
# login onto the WebPortal
 +
# Select the 'Hosts' section
 +
# Click on the hostname
 +
# Click on the 'Status' tab
 +
# Select 'Upgrade Linux packages' into the host 'Control Action'
 +
# Click on the 'Apply action' button
 +
# Repeat the process for all hosts listed
 +
 +
== Command line interface ==
 +
 
* login with root account
 
* login with root account
 
  [root@TB011107 ~]# uname -m
 
  [root@TB011107 ~]# uname -m
 
  x86_64
 
  x86_64
 
* If the result is not "x86_64", [[Support:Contacting TelcoBridges technical support|please contact TelcoBridges]] support, otherwise you can proceed with either method below.
 
* If the result is not "x86_64", [[Support:Contacting TelcoBridges technical support|please contact TelcoBridges]] support, otherwise you can proceed with either method below.
 +
* Follow one of the two options depending if Internet is accessible from the unit
 +
 +
=== Option #1 - TMG unit or Linux server '''with access to Internet''' (i.e. with DNS configured) ===
  
== Command line interface - TMG unit or Linux server '''with access to Internet''' (i.e. with DNS configured) ==
 
* login with root account
 
 
* update OS packages with yum
 
* update OS packages with yum
 
  yum clean all
 
  yum clean all
Line 27: Line 41:
 
  reboot
 
  reboot
  
== TMG unit or Linux server '''without access to Internet''' ==
+
=== Option #2 - TMG unit or Linux server '''without access to Internet''' ===
 
* download the following packages to your PC:
 
* download the following packages to your PC:
 
** http://repo.telcobridges.com/centos/5.7/updates/x86_64/RPMS/glibc-2.5-123.el5_11.1.x86_64.rpm
 
** http://repo.telcobridges.com/centos/5.7/updates/x86_64/RPMS/glibc-2.5-123.el5_11.1.x86_64.rpm

Revision as of 10:09, 3 February 2015


On January 27, 2015, a vulnerability named "GHOST" in the glibc library was publicly announced. GHOST is also referred as CVE-2015-0235. The vulnerability is a buffer overflow in the gethostbyname family of functions that can allow arbitrary code execution.

Contents

Affected Products

  • TMG800, TMG3200, TMG7800-CTRL
  • Tdev Linux server with (CentOS, RedHat, etc) running Toolpack software

Details

The impact of this vulnerability on TelcoBridges products depends on their configuration. The vulnerability may only be triggered through requests for domain name resolution. Therefore, only units that enable such services may be exposed to the issue.

Software Versions and Fixes

The TelcoBridges CentOS 5 repository has been updated with the latest glibc version. Services that use glibc must be restarted. Because glibc is thoroughly used in the Linux operating system, it is highly recommended to reboot the unit.

Update procedure

The operator can use one of the two methods available: GUI/WebPortal or command line interface.

WebPortal - TMG unit or Linux server with access to Internet (i.e. with DNS configured)

  1. login onto the WebPortal
  2. Select the 'Hosts' section
  3. Click on the hostname
  4. Click on the 'Status' tab
  5. Select 'Upgrade Linux packages' into the host 'Control Action'
  6. Click on the 'Apply action' button
  7. Repeat the process for all hosts listed

Command line interface

  • login with root account
[root@TB011107 ~]# uname -m
x86_64
  • If the result is not "x86_64", please contact TelcoBridges support, otherwise you can proceed with either method below.
  • Follow one of the two options depending if Internet is accessible from the unit

Option #1 - TMG unit or Linux server with access to Internet (i.e. with DNS configured)

  • update OS packages with yum
yum clean all
yum update
  • reboot the unit
reboot

Option #2 - TMG unit or Linux server without access to Internet

yum localinstall glibc-2.5-123.el5_11.1.x86_64.rpm \
  glibc-common-2.5-123.el5_11.1.x86_64.rpm \
  glibc-devel-2.5-123.el5_11.1.x86_64.rpm \
  glibc-headers-2.5-123.el5_11.1.x86_64.rpm \
  nscd-2.5-123.el5_11.1.x86_64.rpm
  • Note: that operation might take a long time since yum will probably experience timeouts when trying to access the external repositories.
  • Reboot the unit
reboot

How to verify if the vulnerability is fixed?

  • login with root account
  • execute the following to create a test script
cat > rhel-GHOST-test.sh << FOF
#!/bin/bash
# rhel-GHOST-test.sh -  GHOST vulnerability tester. Only for CentOS/RHEL based servers.  #
# Version 3
# Credit : Red Hat, Inc - https://access.redhat.com/labs/ghost/ #
echo "Installed glibc version(s)"

rv=0
for glibc_nvr in \$( rpm -q --qf '%{name}-%{version}-%{release}.%{arch}\n' glibc ); do
    glibc_ver=\$( echo "\$glibc_nvr" | awk -F- '{ print \$2 }' )
    glibc_maj=\$( echo "\$glibc_ver" | awk -F. '{ print \$1 }')
    glibc_min=\$( echo "\$glibc_ver" | awk -F. '{ print \$2 }')

    echo -n "- \$glibc_nvr: "
    if [ "\$glibc_maj" -gt 2 -o \( "\$glibc_maj" -eq 2  -a  "\$glibc_min" -ge 18 \) ]; then
        # fixed upstream version
        echo 'not vulnerable'
    else
        # all RHEL updates include CVE in rpm %changelog
        if rpm -q --changelog "\$glibc_nvr" | grep -q 'CVE-2015-0235'; then
            echo "not vulnerable"
        else
            echo "vulnerable"
            rv=1
        fi
    fi
done

if [ \$rv -ne 0 ]; then
    cat <<EOF

This system is vulnerable to CVE-2015-0235. <https://access.redhat.com/security/cve/CVE-2015-0235>
Please refer to <https://access.redhat.com/articles/1332213> for remediation steps
EOF
fi

exit \$rv

FOF
  • Execute the script
chmod +x rhel-GHOST-test.sh
./rhel-GHOST-test.sh
  • You should not see the 'vulnerable' string displayed

References

Personal tools