Wednesday, 28 January 2015

How to patch the GHOST vulnerability (CVE-2015-0235) in Debian?

The GHOST vulnerability affects glibc up to the 2.18 version. It is a buffer overflow vulnerability in the __nss_hostname_digits_dots() function. It means, that every software, which is using the popular functions from the gethostbyname family is vulnerable. What's more, this bug can be exploited even remotely. In Debian Wheezy and Squeeze-lts the problem is in the eglibc package. Now check if your Debian is vulnerable. Put in the root console:

dpkg -l | grep "Embedded GNU C Library"

The patched versions are 2.13-38+deb7u7 in Wheezy and 2.11.3-4+deb6u4 in Squeeze-lts. When your version is older, you should do:

apt-get update && apt-get upgrade

But it is not the finish. Now, you should check which of running daemons uses the vulnerable library

lsof | grep libc- | sort | uniq

and restart all of them or – if it is not a production system – reboot the whole system.

Now, everything should work fine.