IntroductionThe CVE-2015-7547 issue was discovered by the Google Security Team and Red Hat.
Quite a lof systems are potentially vulnerable to this exploit:
- Red Hat Enterprise Linux 6 & CentOS 6: RHSA-2016:0175-1
- Red Hat Enterprise Linux 7 & CentOS 7: RHSA-2016:0176-1
- Debian Squeeze, Wheezy, Jessy & Stretch: CVE-2015-7547
- Ubuntu 12.04 & 14.04: CVE-2015-7547
As of the date of disclosure, this vulnerability affects approximately millions of Linux PCs and servers, and 66% of all Android devices.
The bug is caused by a reference leak in the Linux keyrings, the keyrings facility is used so that drivers retain or cache security data and other data in the kernel.
If an attacker controls the server that a victim is to access, it’s possible to crash the victim’s computer or even run malicious code.
In this tutorial, we will learn how to test and patch Ubuntu.
NoteEven if your operating system has been recently updated you may still be vulnerable depending on your kernel version, so I recommend you run this test on all your servers or desktop PC's.
Connect to your server via SSH
now we will check to make sure we don't have a vulnerable version of the glibc package
ldd --versionThe result looks like this
ldd (Ubuntu GLIBC 2.21-0ubuntu4.1) 2.21 Copyright (C) 2015 Free Software Foundation, Inc. This is free software; see the source for copying conditions. There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. Written by Roland McGrath and Ulrich Drepper.
Here are the patched versions for each Ubuntu Distro
Ubuntu 15.10: libc6 2.21-0ubuntu4.1 Ubuntu 14.04 LTS: libc6 2.19-0ubuntu6.7 Ubuntu 12.04 LTS: libc6 2.15-0ubuntu10.13
If your GLIBC version doesn't match the patched version
we will upgrade or GLIBC with the following command
To upgrade the affected package run:
sudo apt-get update && sudo apt-get install libc6
To update all your packages and distribution run
sudo apt-get update sudo apt-get dist-upgrade sudo reboot
That's it we should now have a new patched kernel and a new version of glibc that doesn't contain the bug.
If you would like more info on the vulnerability you can find it here. CVE-2015-7547 & CVE-2015-5229