没想到最近linux的漏洞越来越多了,上一次的bash漏洞没过去多久,又爆出了新的漏洞,名为"幽灵漏洞(GHOST)".当我一看到有新的漏洞时,马上为我所管的服务器都打上了最新补丁,glibc的漏洞估计存在了很久了,大部分的编译都依赖于他,所以造成影响很大.好了,废话不多说,先来说说怎么检测服务器是否存在漏洞吧.
1.检测漏洞方法一:
vi ghost_check.sh
|
08 |
local i ver1=($1) ver2=($2) |
|
09 |
# fill empty fields in ver1 with zeros |
|
10 |
for ((i=${#ver1[@]}; i<${#ver2[@]}; i++)) |
|
14 |
for ((i=0; i<${#ver1[@]}; i++)) |
|
16 |
if [[ -z ${ver2[i]} ]] |
|
18 |
# fill empty fields in ver2 with zeros |
|
21 |
if ((10#${ver1[i]} > 10#${ver2[i]})) |
|
25 |
if ((10#${ver1[i]} < 10#${ver2[i]})) |
|
33 |
glibc_vulnerable_version=2.17 |
|
34 |
glibc_vulnerable_revision=54 |
|
35 |
glibc_vulnerable_version2=2.5 |
|
36 |
glibc_vulnerable_revision2=122 |
|
37 |
glibc_vulnerable_version3=2.12 |
|
38 |
glibc_vulnerable_revision3=148 |
|
39 |
echo "Vulnerable glibc version <=" $glibc_vulnerable_version"-"$glibc_vulnerable_revision |
|
40 |
echo "Vulnerable glibc version <=" $glibc_vulnerable_version2"-"$glibc_vulnerable_revision2 |
|
41 |
echo "Vulnerable glibc version <="$glibc_vulnerable_version3"-1."$glibc_vulnerable_revision3 |
|
43 |
glibc_version=$(rpm -q glibc | awk -F"[-.]" '{print $2"."$3}' | sort -u) |
|
44 |
if [[ $glibc_version == $glibc_vulnerable_version3 ]] |
|
46 |
glibc_revision=$(rpm -q glibc | awk -F"[-.]" '{print $5}' | sort -u) |
|
48 |
glibc_revision=$(rpm -q glibc | awk -F"[-.]" '{print $4}' | sort -u) |
|
50 |
echo "Detected glibc version" $glibc_version" revision "$glibc_revision |
|
52 |
vulnerable_text=$"This system is vulnerable to CVE-2015-0235. <https://access.redhat.com/security/cve/CVE-2015-0235> |
|
53 |
Update the glibc and ncsd packages on your system using the packages released with the following: |
|
56 |
if [[ $glibc_version == $glibc_vulnerable_version ]] |
|
58 |
vercomp $glibc_vulnerable_revision $glibc_revision |
|
59 |
elif [[ $glibc_version == $glibc_vulnerable_version2 ]] |
|
61 |
vercomp $glibc_vulnerable_revision2 $glibc_revision |
|
62 |
elif [[ $glibc_version == $glibc_vulnerable_version3 ]] |
|
64 |
vercomp $glibc_vulnerable_revision3 $glibc_revision |
|
66 |
vercomp $glibc_vulnerable_version $glibc_version |
|
70 |
0) echo "$vulnerable_text";; |
|
71 |
1) echo "$vulnerable_text";; |
|
72 |
2) echo "Not Vulnerable.";; |
检测命令:
./ghost_check.sh
检测结果如下图:
可以看到这台服务器是存在漏洞的.
2.检测漏洞方法二:
|
1 |
/usr/sbin/clockdiff `python -c "print '0' * $((0x10000-16*1-2*4-1-4))"` |
第2个检测方法在我的机器上报错,所以我用了其他人的图,如下:
3.检测漏洞方法三:
vi ghost.c
|
07 |
#define CANARY "in_the_coal_mine" |
|
11 |
char canary[sizeof(CANARY)]; |
|
12 |
} temp = { "buffer", CANARY }; |
|
15 |
struct hostent resbuf; |
|
16 |
struct hostent *result; |
|
20 |
/*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/ |
|
21 |
size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1; |
|
22 |
char name[sizeof(temp.buffer)]; |
|
23 |
memset(name, '0', len); |
|
26 |
retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno); |
|
28 |
if (strcmp(temp.canary, CANARY) != 0) { |
|
32 |
if (retval == ERANGE) { |
|
33 |
puts("not vulnerable"); |
|
36 |
puts("should not happen"); |
检测命令:
gcc ghost.c -o ghost && ./ghost
检测结果如下图:
可以看到也是检测出了漏洞.好了,下面来说怎么修复漏洞吧.
4.修复方法:
RedHat、Fedora、CentOS系统:
yum update glibc glibc-devel glibc-common glibc-headers -y
Debian、Ubuntu系统:
apt-get clean && apt-get update && apt-get upgrade
或
apt-get clean && apt-get update && apt-get -y install libc6
ps:
升级后,建议重启用到glibc的进程或者重启服务器.
(责任编辑:IT) |
