Christina Halliday

Feb 19, 2016

Protect Your Server Against Glibc Vulnerability

The Vulnerability:

Recently, security researchers working for Google and Red Hat announced a vulnerability in a library commonly used in Linux environments.  Specifically, Glibc getaddrinfo() is susceptible, under certain conditions, to a stack-based buffer overflow attack while performing DNS queries.  This vulnerability has been designated CVE-2015-7547.

Who is Affected?

Any server running Linux with glibc 2.9 or later is affected.A complete list of the linux distributions affected can be found on the nixCraft community site.

What do I need to do?

If you are a Proactive Managed customer, we have patched your servers and are scheduling reboots with each client.

If you are not a Proactive Managed customer, you will need to upgrade your glibc library and affected services. As each Linux distribution varies in how it handles patches, it is difficult to list here every possible distribution’s update method.  In some cases, a reboot of your server may not be necessary however it is the safest way of assuring that everything loads the new library once it’s been upgraded.

Any binary files which are statically-linked to glibc will need to be recompiled in order to mitigate this type of attack.  While SELinux may be able to contain some of the collateral damage it should not be viewed as a bullet-proof vest with regard to this CVE.

What can this Vulnerability affect?

Upon discovering a vulnerable system, an attacker could create a custom DNS response that could cause an underlying library to crash (in the best case) or allow for remote execution of code at the permissions level of whomever is running the application using the library.

Need Proactive Managed Service for your applications and websites?

Chat with a Codero hosting expert now to receive a consultation.

Share on FacebookTweet about this on TwitterShare on Google+Share on LinkedIn