Linux vulnerability "GHOST"# Programming - 葵花宝典
a*a
1 楼
父爱如山, 祝天下父亲健康快乐, 平安幸福!
本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
w*z
2 楼
Highly critical “Ghost” allowing code execution affects most Linux systems
New bug haunting Linux could spark "a lot of collateral damage on the
Internet."
by Dan Goodin - Jan 27 2015, 11:32am PST
Share
Tweet
110
Pixabay
An extremely critical vulnerability affecting most Linux distributions gives
attackers the ability to execute malicious code on servers used to deliver
e-mail, host webpages, and carry out other vital functions.
The vulnerability in the GNU C Library (glibc) represents a major Internet
threat, in some ways comparable to the Heartbleed and Shellshock bugs that
came to light last year. The bug, which is being dubbed "Ghost" by some
researchers, has the common vulnerability and exposures designation of CVE-
2015-0235. While a patch was issued two years ago, most Linux versions used
in production systems remain unprotected at the moment. What's more,
patching systems requires core functions or the entire affected server to be
rebooted, a requirement that may cause some systems to remain vulnerable
for some time to come.
The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc
function that's invoked by the gethostbyname() and gethostbyname2() function
calls. A remote attacker able to call either of these functions could
exploit the flaw to execute arbitrary code with the permissions of the user
running the application. In a blog post published Tuesday, researchers from
security firm Qualys said they were able to write proof-of-concept exploit
code that carried out a full-fledged remote code execution attack against
the Exim mail server. The exploit bypassed all existing exploit protections
available on both 32-bit and 64-bit systems, including address space layout
randomization, position independent executions, and no execute protections.
Qualys has not yet published the exploit code but eventually plans to make
it available as a Metasploit module.
“A lot of collateral damage on the Internet”
The glibc is the most common code library used by Linux. It contains
standard functions that programs written in the C and C++ languages use to
carry out common tasks. The vulnerability also affects Linux programs
written in Python, Ruby, and most other languages because they also rely on
glibc. As a result, most Linux systems should be presumed vulnerable unless
they run an alternative to glibc or use a glibc version that contains the
update from two years ago. The specter of so many systems being susceptible
to an exploit with such severe consequences is prompting concern among many
security professionals.
Besides Exim, other Linux components or apps that are potentially vulnerable
to Ghost include MySQL servers, Secure Shell servers, form submission apps,
and other types of mail servers. Update: In a later post, Qualys
researchers enumerated apps they believed were not vulnerable. The list
included Apache, Cups, Dovecot, GnuPG, isc-dhcp, lighttpd, mariadb/mysql,
nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd,
rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers, vsftpd, and
xinetd.
"If [researchers] were able to remotely exploit a pretty modern version of
Exim with full exploit mitigations, that's pretty severe," said Jon
Oberheide, a Linux security expert and the CTO of two-factor authentication
service Duo Security. "There could be a lot of collateral damage on the
Internet if this exploit gets published publicly, which it looks like they
plan to do, and if other people start to write exploits for other targets."
The bug affects virtually all Linux-based software that performs domain name
resolution. As result, it most likely can be exploited not only against
servers but also client applications. Word of the vulnerability appears to
have caught developers of the Ubuntu, Debian, and Red Hat distributions of
Linux off guard. At the time this post was being prepared they appeared to
be aware of the bug but had not yet distributed a ready-made fix. People who
administer Linux systems should closely monitor official channels for
information about how specific distributions are affected and whether a
patch is available. Admins should also prepare for the inevitable reboots
that will be required after installing the patch.
Update: Red Hat Enterprise Linux 5, has an update here, and readers are
reporting a fix is also available for Ubuntu 12.04.
New bug haunting Linux could spark "a lot of collateral damage on the
Internet."
by Dan Goodin - Jan 27 2015, 11:32am PST
Share
Tweet
110
Pixabay
An extremely critical vulnerability affecting most Linux distributions gives
attackers the ability to execute malicious code on servers used to deliver
e-mail, host webpages, and carry out other vital functions.
The vulnerability in the GNU C Library (glibc) represents a major Internet
threat, in some ways comparable to the Heartbleed and Shellshock bugs that
came to light last year. The bug, which is being dubbed "Ghost" by some
researchers, has the common vulnerability and exposures designation of CVE-
2015-0235. While a patch was issued two years ago, most Linux versions used
in production systems remain unprotected at the moment. What's more,
patching systems requires core functions or the entire affected server to be
rebooted, a requirement that may cause some systems to remain vulnerable
for some time to come.
The buffer overflow flaw resides in __nss_hostname_digits_dots(), a glibc
function that's invoked by the gethostbyname() and gethostbyname2() function
calls. A remote attacker able to call either of these functions could
exploit the flaw to execute arbitrary code with the permissions of the user
running the application. In a blog post published Tuesday, researchers from
security firm Qualys said they were able to write proof-of-concept exploit
code that carried out a full-fledged remote code execution attack against
the Exim mail server. The exploit bypassed all existing exploit protections
available on both 32-bit and 64-bit systems, including address space layout
randomization, position independent executions, and no execute protections.
Qualys has not yet published the exploit code but eventually plans to make
it available as a Metasploit module.
“A lot of collateral damage on the Internet”
The glibc is the most common code library used by Linux. It contains
standard functions that programs written in the C and C++ languages use to
carry out common tasks. The vulnerability also affects Linux programs
written in Python, Ruby, and most other languages because they also rely on
glibc. As a result, most Linux systems should be presumed vulnerable unless
they run an alternative to glibc or use a glibc version that contains the
update from two years ago. The specter of so many systems being susceptible
to an exploit with such severe consequences is prompting concern among many
security professionals.
Besides Exim, other Linux components or apps that are potentially vulnerable
to Ghost include MySQL servers, Secure Shell servers, form submission apps,
and other types of mail servers. Update: In a later post, Qualys
researchers enumerated apps they believed were not vulnerable. The list
included Apache, Cups, Dovecot, GnuPG, isc-dhcp, lighttpd, mariadb/mysql,
nfs-utils, nginx, nodejs, openldap, openssh, postfix, proftpd, pure-ftpd,
rsyslog, samba, sendmail, sysklogd, syslog-ng, tcp_wrappers, vsftpd, and
xinetd.
"If [researchers] were able to remotely exploit a pretty modern version of
Exim with full exploit mitigations, that's pretty severe," said Jon
Oberheide, a Linux security expert and the CTO of two-factor authentication
service Duo Security. "There could be a lot of collateral damage on the
Internet if this exploit gets published publicly, which it looks like they
plan to do, and if other people start to write exploits for other targets."
The bug affects virtually all Linux-based software that performs domain name
resolution. As result, it most likely can be exploited not only against
servers but also client applications. Word of the vulnerability appears to
have caught developers of the Ubuntu, Debian, and Red Hat distributions of
Linux off guard. At the time this post was being prepared they appeared to
be aware of the bug but had not yet distributed a ready-made fix. People who
administer Linux systems should closely monitor official channels for
information about how specific distributions are affected and whether a
patch is available. Admins should also prepare for the inevitable reboots
that will be required after installing the patch.
Update: Red Hat Enterprise Linux 5, has an update here, and readers are
reporting a fix is also available for Ubuntu 12.04.
y*g
3 楼
Re
嘿嘿,才看见要求
Happy Father's day
嘿嘿,才看见要求
Happy Father's day
l*z
4 楼
Happy Father's day
h*n
5 楼
Happy Father's day
l*d
6 楼
Happy Father's day
n*7
7 楼
Happy Father's day
s*3
8 楼
Happy Father's day
t*g
9 楼
祝父亲健康长寿!祝LD健康快乐,能挣到我花不完的钱!
a*a
10 楼
赞, 都是很实在的祝福啊 :)
【在 t**********g 的大作中提到】
: 祝父亲健康长寿!祝LD健康快乐,能挣到我花不完的钱!
【在 t**********g 的大作中提到】
: 祝父亲健康长寿!祝LD健康快乐,能挣到我花不完的钱!
y*n
11 楼
希望远方的父亲也是快乐幸福的。
R*C
12 楼
Happy father's day
s*a
13 楼
Happy father's day
c*w
14 楼
Happy father's day!
★ Sent from iPhone App: iReader Mitbbs Lite 7.56
★ Sent from iPhone App: iReader Mitbbs Lite 7.56
b*r
15 楼
Happy Father's day
j*g
16 楼
祝所有父亲身体健康
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
B*a
17 楼
Father happy day!
w*w
18 楼
排,想吃.
n*r
19 楼
祝父亲健康长寿!
w*w
20 楼
希望偶能养好子女。
【在 w**w 的大作中提到】
: 排,想吃.
【在 w**w 的大作中提到】
: 排,想吃.
p*l
21 楼
祝父亲健康,长寿!是我最大的心愿
l*o
22 楼
Happy Father's day
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
f*g
23 楼
祝天下所有老爹万寿无疆
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
N*s
24 楼
re
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
N*s
25 楼
g节日快乐。。
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
l*a
26 楼
父亲节快乐
n*n
27 楼
祝父亲健康长寿!
l*f
28 楼
祝父亲身体健康、顺心如意
n*n
29 楼
祝父亲健康长寿!
l*t
30 楼
遥祝彼岸的老爸健康快乐!
and Happy Father's Day to me too! lol
and Happy Father's Day to me too! lol
s*u
31 楼
爸爸我永远爱你。
r*s
32 楼
祝老爸身体健康!
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
i*c
33 楼
Happy Father's day
B*s
34 楼
老爹长命百岁
h*s
35 楼
All DADs, happy father's day
y*a
36 楼
Happy father's day to my dad and my LD!
j*y
37 楼
p*r
38 楼
能吃到末?
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
s*y
39 楼
祝当爹的都开开心心~
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
【在 a****a 的大作中提到】
: 父爱如山, 祝天下父亲健康快乐, 平安幸福!
: 本版ID, 请为自己的父亲或者ld送上简单祝福,光回复re, pai, 排,吃的木包子哈
:
K*N
40 楼
祝老爹老公身体健康!外加老公多多挣银子。早日实现我想去哪里就去哪里的梦想。
b*e
41 楼
祝天下的慈父们身体健康,工作顺利
w*y
42 楼
祝老爹早日康复,老大生活幸福,自己吗心想事成,广大的父亲们节日快乐。
a*a
43 楼
有, 发到这里 :)
增加一句祝福吧?
【在 w******y 的大作中提到】
: 祝老爹早日康复,老大生活幸福,自己吗心想事成,广大的父亲们节日快乐。
增加一句祝福吧?
【在 w******y 的大作中提到】
: 祝老爹早日康复,老大生活幸福,自己吗心想事成,广大的父亲们节日快乐。
g*g
44 楼
父亲节快乐,希望老爹身体健康,快乐多多,心情好好~~~~
g*g
45 楼
啊?没赶上啊
a*a
46 楼
不好意思啊, 刚截止, 你这个包子我发给你 :)
【在 g*********g 的大作中提到】
: 啊?没赶上啊
【在 g*********g 的大作中提到】
: 啊?没赶上啊
a*a
47 楼
帮你后面补的内容修改到这个帖子中来了哈, 父亲节快乐 :)
【在 w******y 的大作中提到】
: 祝老爹早日康复,老大生活幸福,自己吗心想事成,广大的父亲们节日快乐。
【在 w******y 的大作中提到】
: 祝老爹早日康复,老大生活幸福,自己吗心想事成,广大的父亲们节日快乐。
g*g
48 楼
那怎么好意思呢,本来就是我自己没赶上啊,嘿嘿,多谢斑竹
【在 a****a 的大作中提到】
: 不好意思啊, 刚截止, 你这个包子我发给你 :)
【在 a****a 的大作中提到】
: 不好意思啊, 刚截止, 你这个包子我发给你 :)
相关阅读
大过节的,不要吵啦,推荐本函数编程的入门书吧?pandas 作者:Apache Arrow and the "10 Things I Hate About pandas"说到底,自己不是帅哥,越级找美女还是压力很大的请推荐 机器翻译 的rest API/open source package有没有做sentiment analysis的,求思路Machine Learning 问题葵花宝典版现在人怎么不多了?coroutine comes to Java交互程序是怎么自动测试的?需要做一个IM的App,后台用什么比较好?golang redis library国庆时候故宫,黄山之类的门票是怎么在网上销售的? (转载)请教哪个语言适合自己创业用js myFunc = (routePath, myRedirect) => (newUrl, middleware) => {...}Consulting Job: high hourly pay Sr. Developer (Blockchain)老年工程师转行学C++的更新的问题如果面试就是比刷题,那是不是根本不用学啥技术 (转载)ASUS神油上怎么记录访问和被访问的IP地址 (转载)辛顿的胶囊论文各位看了吗?想通过阅读范例代码学习multithreading, 哪些Java库大规模用了线程?