Swatting the GHOST in the machine....
Posted: Tue Mar 24, 2015 10:49 pm
And now, for my next eye-glazing post.....
About two months ago, GJ mentioned this in a post.
Yup, another messy ugly Security related flaw. What makes it BAD is that it's in the Linux core Library (glibc for those who are still reading) which basically affects EVERYTHING on the damned system.
Sure, patches came out for "current" Linux versions. I have a whole bunch of VMs with Oracle Enterprise Linux 5.5 (the current version is 7) as well as an RDBMS Cluster with the same thing. Not to mention a couple of VMs with OEL 4. Those were taken care of fairly quickly (since none of those machines have access to the Net, I could take my time). The biggest problem is that I had to reboot each machine after patching. The RDBMS cluster was the biggest PITA since it's a production system and had to shut down tons of stuff before doing that.
What makes it "fun" is that the bug is close to 10 years old. And I have several VMs that for compatibility reasons HAVE to use very old versions of Linux which ARE vulnerable and.... guess what? NO PATCHES!
That meant that there was no "official" way to solve the problem, short of digging through the code and fixing it myself. Which is what I've been doing.
I've got three VMs with Red Hat Linux 7.3 (no Virginia, NOT Red Hat Enterprise Linux 7, this thing came out like 10 years ago).
SO, I went, got the source packages for glibc 2.2.5 and found some places like this that gave me an idea of the procedure to patch the thing (but no IDEA on how to modify the code), this which showed what had to be done to the code, and this which helped me understand HOW to implement the fix on my specific version of glibc.
Apparently it seems to work. I am doing some testing right now and some modifications so the patches install cleanly.
Why do I post this? Because right now I am pretty full of myself