A security issue revealed on 16th February 2016 put many applications, devices and Linux servers at major risk. The issue is a bug known as the glibc bug. It can negatively affect many internet-connected applications, devices and pieces of software. With the glibc bug, attackers can take control of devices and applications simply by inserting code into the device's memory. It was discovered in one of the building blocks of the internet, which is why it adversely affects websites and applications: glibc is an essential part of Linux systems.
The glibc bug originated in glibc (the GNU C Library), the GNU Project's implementation of the C standard library. The Free Software Foundation released it for the GNU operating system in the early 90's. Glibc is an open source code library used by internet-connected devices and in the development of web applications.
In July 2015, the first alert regarding the glibc bug was raised. Researchers at Google decided to investigate the issue themselves rather than hand it over to the glibc maintainers. Meanwhile, a separate team at Red Hat was working on the same issue.
Linux systems are vulnerable to the glibc bug and can be adversely affected. Any device built with Ruby, PHP or Python is at risk, and giant multinational companies such as Facebook, Dropbox and Twitter use these languages. Linux systems running unpatched versions of the GNU C Library prior to glibc-2.18 are the devices that can most easily be compromised. Linux is also deployed in Google Android, but since Android runs a different version, Android devices are safe. Windows and OS X are not at risk.
Tips to Protect your Devices
The first step in protecting your devices from such unexpected bugs and attacks is to regularly apply all security updates for your devices. Companies stop releasing security updates once they stop selling a product or service. However, companies should keep releasing security updates even after sales end, because vulnerabilities will keep being discovered in internet-connected devices. Google has released a security patch for devices at risk from this bug. The patch is known as a proof of concept, which helps developers and industry inspect software to detect faults and then take the necessary actions.
How to Check and Fix System Vulnerability?
Versions of glibc from 2.2 to 2.7 are at risk. Linux distributions which are possibly susceptible to the glibc bug are:
- CentOS 6 & 7
- Red Hat Enterprise Linux 6 & 7
- Debian 7
- End-of-life Linux distributions
- Ubuntu 10.04 & 12.04
How to check system vulnerability? The steps below explain how to check whether your system is vulnerable. Before checking, make sure you know which version of glibc is in use.
1. Ubuntu & Debian
You can check the glibc version by looking at the output of ldd --version:
ldd --version
The eglibc version will be displayed in the first line of the output:
ldd (Ubuntu EGLIBC 2.15-0ubuntu10.7) 2.15
Copyright (C) 2012 Free Software Foundation, Inc.
This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
Written by Roland McGrath and Ulrich Drepper.
If the eglibc version matches one of the versions below, or is newer, the system is safe from the attack:
- Ubuntu 12.04 LTS: 2.15-0ubuntu10.10
- Ubuntu 10.04 LTS: 2.11.1-0ubuntu7.20
- Debian 7 LTS: 2.13-38+deb7u7
If the eglibc version is older than the versions listed above, the system is at risk of GHOST and should be updated.
2. CentOS & RHEL
You can check the glibc version with rpm:
rpm -q glibc
The output contains the package name followed by the version in use.
If the glibc version matches one of the versions below, or is newer, the system is safe from the attack:
- CentOS 6: glibc-2.12-1.149.el6_6.5
- CentOS 7: glibc-2.17-55.el7_0.5
- RHEL 5: glibc-2.5-123.el5_11.1
- RHEL 6: glibc-2.12-1.149.el6_6.5
- RHEL 7: glibc-2.17-55.el7_0.5
If the glibc version is older than the versions listed above, the system is at risk and should be updated immediately. You are only safe from the glibc bug after updating to the required versions. It is also important to keep your security versions up to date, for example by using tools like MTv scan, which protects your website from vulnerabilities.
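The two checks above (ldd --version on Ubuntu/Debian, rpm -q glibc on CentOS/RHEL) come down to extracting the package version and comparing it with the patched version for your release. The following bash script is an added example, not code from the original article: it parses both output formats and compares versions segment by segment so that, for example, 10.10 correctly sorts after 10.7. The SAMPLE_LDD and SAMPLE_RPM strings are constructed from the output shown above, and the fixed-version table is the one listed in this article. The comparison is a simplified version of the dpkg/rpm rules (assumed sufficient for comparing one distribution's own package versions); it needs bash, sed -E and a POSIX awk.

```shell
#!/bin/bash
# Added example: parse `ldd --version` / `rpm -q glibc` output and compare the
# installed glibc package version with the patched versions listed above.

# Constructed sample output, copied from the article's own examples.
SAMPLE_LDD='ldd (Ubuntu EGLIBC 2.15-0ubuntu10.7) 2.15
Copyright (C) 2012 Free Software Foundation, Inc.'
SAMPLE_RPM='glibc-2.12-1.149.el6_6.5.x86_64'

# Debian/Ubuntu print the package version inside the parentheses on line 1.
# A plain GNU build prints only "ldd (GNU libc) 2.17", so fall back to the
# trailing number in that case.
ldd_pkg_version() {
  local v
  v=$(printf '%s\n' "$1" | sed -n -E '1s/^ldd \(.* ([0-9][^ )]*)\).*/\1/p')
  [ -n "$v" ] || v=$(printf '%s\n' "$1" | sed -n -E '1s/.* ([0-9][0-9.]*)$/\1/p')
  printf '%s\n' "$v"
}

# rpm -q glibc prints glibc-<version>-<release>[.<arch>]; strip name and arch.
rpm_pkg_version() {
  printf '%s\n' "$1" | sed -n -E '1s/^glibc-(.*)$/\1/p' \
    | sed -E 's/\.(x86_64|i686|i386|aarch64|noarch)$//'
}

# version_ge A B: succeeds when A >= B. Both strings are split into digit and
# non-digit runs; digit runs compare numerically, everything else as text.
# A shorter string that is a prefix of the other sorts first (2.15 < 2.15-0...).
version_ge() {
  awk -v a="$1" -v b="$2" '
    function tok(s, arr) {
      gsub(/[^0-9]+/, " & ", s); sub(/^ +/, "", s); sub(/ +$/, "", s)
      return split(s, arr, / +/)
    }
    BEGIN {
      na = tok(a, A); nb = tok(b, B); n = (na > nb) ? na : nb
      for (i = 1; i <= n; i++) {
        x = (i <= na) ? A[i] : ""; y = (i <= nb) ? B[i] : ""
        if (x == y) continue
        if (x ~ /^[0-9]+$/ && y ~ /^[0-9]+$/) { if (x + 0 < y + 0) exit 1; exit 0 }
        if ((x "") < (y "")) exit 1
        exit 0
      }
      exit 0
    }'
}

# check_glibc <distro> <installed-version>: prints a verdict and returns
# 0 (patched), 1 (vulnerable) or 2 (unknown distribution). The distro keys
# (ubuntu-12.04, centos-6, ...) are labels chosen for this example.
check_glibc() {
  local distro="$1" installed="$2" fixed
  case "$distro" in
    ubuntu-12.04)    fixed="2.15-0ubuntu10.10" ;;
    ubuntu-10.04)    fixed="2.11.1-0ubuntu7.20" ;;
    debian-7)        fixed="2.13-38+deb7u7" ;;
    centos-6|rhel-6) fixed="2.12-1.149.el6_6.5" ;;
    centos-7|rhel-7) fixed="2.17-55.el7_0.5" ;;
    rhel-5)          fixed="2.5-123.el5_11.1" ;;
    *) echo "unknown distribution: $distro" >&2; return 2 ;;
  esac
  if version_ge "$installed" "$fixed"; then
    echo "patched: $installed >= $fixed"
    return 0
  fi
  echo "VULNERABLE: $installed < $fixed, update glibc"
  return 1
}

# Offline demonstration on the constructed samples. On a real host replace the
# sample with live output, e.g.:
#   check_glibc ubuntu-12.04 "$(ldd_pkg_version "$(ldd --version)")"
#   check_glibc centos-6     "$(rpm_pkg_version "$(rpm -q glibc)")"
check_glibc ubuntu-12.04 "$(ldd_pkg_version "$SAMPLE_LDD")"
check_glibc centos-6 "$(rpm_pkg_version "$SAMPLE_RPM")"
```

The Ubuntu sample (2.15-0ubuntu10.7) is older than the fixed 2.15-0ubuntu10.10 and is reported as vulnerable; the CentOS 6 sample matches the fixed version exactly and is reported as patched. For anything beyond a same-release comparison, prefer the package manager's own comparator (dpkg --compare-versions or rpmdev-vercmp), which implement the full ordering rules.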
Steps to Fix the Vulnerability
To fix the vulnerability, update glibc to the latest version using the default package manager.
1. APT-GET: Ubuntu / Debian
Update all packages to the latest versions supported by your Ubuntu or Debian release. This is done with apt-get dist-upgrade:
sudo apt-get update && sudo apt-get dist-upgrade
Reply with y to the confirmation prompt.
Once the server is updated, a reboot is recommended; use the command sudo reboot to reboot the server. A reboot is recommended because the GNU C Library is used by many applications, all of which must be restarted so that they load the new library.
To confirm that your system's vulnerability is fixed, repeat the steps explained in Check System Vulnerability.
2. YUM: CentOS / RHEL
Update glibc to the latest version via yum:
sudo yum update glibc
Reply with y to the confirmation prompt.
Once the server is updated, reboot it with the command sudo reboot.
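Both update procedures end with a reboot because a running process keeps using the copy of libc it loaded at start-up, even after the package manager has replaced the file on disk. The following bash script is an added example, not part of the original article: it walks /proc/<pid>/maps and lists processes that still map a libc file marked "(deleted)", which is exactly the state a long-running service is in after the update and before a restart. The make_sample_proc helper builds a constructed /proc look-alike so the check runs offline; on a real host call stale_libc_pids with no argument, as root, since other users' maps files are not readable otherwise.

```shell
#!/bin/bash
# Added example: find processes still running the pre-update libc.
# Assumes a Linux /proc layout; the sample tree below is constructed.

# stale_libc_pids [proc-root]: print the PID of every process whose memory
# map still references a libc object that has been deleted/replaced on disk.
stale_libc_pids() {
  local root="${1:-/proc}" maps pid
  for maps in "$root"/[0-9]*/maps; do
    [ -r "$maps" ] || continue          # unreadable (other user) or no match
    pid="${maps#"$root"/}"; pid="${pid%/maps}"
    if grep -q 'libc[-.][^ ]* (deleted)$' "$maps" 2>/dev/null; then
      printf '%s\n' "$pid"
    fi
  done
}

# make_sample_proc: build a constructed /proc look-alike with two "processes".
# PID 100 still maps the old libc-2.15.so (deleted on disk by the upgrade);
# PID 200 was started after the upgrade and maps the current file.
make_sample_proc() {
  local root
  root="$(mktemp -d)"
  mkdir -p "$root/100" "$root/200"
  cat > "$root/100/maps" <<'EOF'
7f0000000000-7f0000001000 r-xp 00000000 08:01 1234 /lib/x86_64-linux-gnu/libc-2.15.so (deleted)
7f0000100000-7f0000101000 r-xp 00000000 08:01 9999 /usr/sbin/sshd
EOF
  cat > "$root/200/maps" <<'EOF'
7f0000000000-7f0000001000 r-xp 00000000 08:01 5678 /lib/x86_64-linux-gnu/libc-2.15.so
EOF
  printf '%s\n' "$root"
}

# Offline demonstration: expect only PID 100 to be reported.
sample="$(make_sample_proc)"
echo "processes using a stale libc under $sample:"
stale_libc_pids "$sample"
rm -rf "$sample"
```

An empty result after the reboot (or after restarting every listed service) is the confirmation that no process is still executing the vulnerable library; the version check from the previous section only tells you what is installed on disk.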
By following the steps above you can protect Linux systems from this vulnerability. It is highly recommended to keep servers updated with the latest security versions.