参考链接:http://toutiao.com/i6253272495634252289/
漏洞信息:https://rhn.redhat.com/errata/RHSA-2016-0175.html
如下为具体操作方法:(在centos 6.5 环境下测试)
#####################################################
1. 如下为查看操作系统版本及glibc 版本
[root@localhost ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[root@localhost ~]# uname -r
2.6.32-431.el6.x86_64
[root@localhost ~]# uname -a
64 GNU/Linux
[root@localhost ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 127.0.0.1
[root@localhost ~]# ls
anaconda-ks.cfg Music
atomic-php55-php-cli-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0
atomic-php55-php-common-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0.tar.gz
atomic-php55-php-devel-5.5.31-31.el6.art.x86_64.rpm php-5.5.31
CVE-2015-7547-master php-5.5.31.tar.bz2
Desktop Pictures
Documents Public
Downloads rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
eaccelerator-master Templates
install.log Videos
install.log.syslog wordpress
master.zip wordpress-4.4.1-zh_CN.tar.gz
[root@localhost glibc2.12.166]# rpm -qa | grep -i glibc
glibc-devel-2.12-1.132.el6.x86_64
glibc-common-2.12-1.132.el6.x86_64
glibc-2.12-1.132.el6.x86_64
glibc-headers-2.12-1.132.el6.x86_64
#####################################################
2. 下载 CVE-2015-7547 的检测代码(poc)。该漏洞是 glibc 的 getaddrinfo() 在处理DNS响应时的栈缓冲区溢出。解压后的文件如下:
[root@localhost ~]# cd CVE-2015-7547-master/
[root@localhost CVE-2015-7547-master]# ls
CVE-2015-7547-client.c CVE-2015-7547-poc.py LICENSE Makefile README
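#下载后执行 python CVE-2015-7547-poc.py(此步大概要等10多分钟才出现信息)
#从输出看,该脚本在本机 127.0.0.1 上接收 UDP/TCP 的DNS请求,因此 /etc/resolv.conf 中的 nameserver 需指向 127.0.0.1(见第1步的输出)。
#这样设置后本机的正常域名解析会中断,检测结束后要恢复原来的DNS配置。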
[root@localhost CVE-2015-7547-master]# python CVE-2015-7547-poc.py
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:47403
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:47404
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 36
[UDP] Total Data len recv 36
Connected with 127.0.0.1:47405
[TCP] Total Data len recv 76
[TCP] Request1 len recv 36
[TCP] Request2 len recv 36
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:47409
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:47410
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 39
[UDP] Total Data len recv 39
Connected with 127.0.0.1:47411
[TCP] Total Data len recv 82
[TCP] Request1 len recv 39
[TCP] Request2 len recv 39
^CTraceback (most recent call last):
File "CVE-2015-7547-poc.py", line 176, in <module>
tcp_thread()
File "CVE-2015-7547-poc.py", line 105, in tcp_thread
conn, addr = sock_tcp.accept()
File "/usr/lib64/python2.6/socket.py", line 197, in accept
sock, addr = self._sock.accept()
KeyboardInterrupt
##########################################################
3. 在linux另一个窗口编译 gcc CVE-2015-7547-client.c -o client
[root@localhost ~]# cd CVE-2015-7547-master/
[root@localhost CVE-2015-7547-master]# ll
total 32
-rw-r--r-- 1 root root 967 Mar 1 09:29 CVE-2015-7547-client.c
-rw-r--r-- 1 root root 4638 Mar 1 09:29 CVE-2015-7547-poc.py
-rw-r--r-- 1 root root 11357 Mar 1 09:29 LICENSE
-rw-r--r-- 1 root root 109 Mar 1 09:29 Makefile
-rw-r--r-- 1 root root 936 Mar 1 09:29 README
[root@localhost CVE-2015-7547-master]# ls
CVE-2015-7547-client.c CVE-2015-7547-poc.py LICENSE Makefile README
[root@localhost CVE-2015-7547-master]# gcc CVE-2015-7547-client.c -o client
[root@localhost CVE-2015-7547-master]# ls
client CVE-2015-7547-client.c CVE-2015-7547-poc.py LICENSE Makefile README
[root@localhost CVE-2015-7547-master]# ./client
Segmentation fault (core dumped)
[root@localhost CVE-2015-7547-master]#
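执行 ./client 文件(执行时第2步的 CVE-2015-7547-poc.py 必须仍在另一个窗口中运行,且 /etc/resolv.conf 的 nameserver 指向 127.0.0.1)
如果返回 段错误(Segmentation fault),说明有漏洞
如果返回 client: getaddrinfo: Name or service not known,说明漏洞已修复
注意:如果 poc 脚本没有运行,或DNS请求没有发到它,client 也可能只返回解析失败,此时不能据此判断漏洞已修复;应同时用 rpm -q glibc 核对已安装版本是否为 RHSA-2016-0175 公告中的修复版本。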
###############################################################
4. 更新glibc ,下载glibc 相关的rpm包
[root@localhost ~]# ls
anaconda-ks.cfg Music
atomic-php55-php-cli-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0
atomic-php55-php-common-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0.tar.gz
atomic-php55-php-devel-5.5.31-31.el6.art.x86_64.rpm php-5.5.31
CVE-2015-7547-master php-5.5.31.tar.bz2
Desktop Pictures
Documents Public
Downloads rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
eaccelerator-master Templates
glibc2.12.166 Videos
install.log wordpress
install.log.syslog wordpress-4.4.1-zh_CN.tar.gz
master.zip
[root@localhost ~]# cd glibc2.12.166/
#########################################################################
###############如下为glibc更新的rpm包#####################
[root@localhost glibc2.12.166]# ls
glibc-2.12-1.166.el6_7.7.i686.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm
glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm
glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm
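###########强制安装rpm包###############################
# 说明:--nodeps 和 --force 会跳过依赖检查和冲突检查;glibc 是系统基础库,版本或架构装错可能导致系统无法正常使用。
# 能访问官方源时,优先使用 yum update glibc 升级;手工下载的rpm包,安装前先用 rpm -K glibc-*.rpm 校验签名。
# 另外 glibc-* 会把目录中的所有包都装上,包括原系统没有安装的 i686、static、utils 包(对比第1步与更新后的 rpm -qa 输出)。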
[root@localhost glibc2.12.166]# rpm -Uvh --nodeps --force glibc-*
Preparing... ########################################### [100%]
1:glibc-common ########################################### [ 14%]
2:glibc ########################################### [ 29%]
3:glibc-headers ########################################### [ 43%]
4:glibc-devel ########################################### [ 57%]
5:glibc-static ########################################### [ 71%]
6:glibc-utils ########################################### [ 86%]
7:glibc ########################################### [100%]
#######更新后查询glibc版本####################
[root@localhost glibc2.12.166]# rpm -qa | grep -i glibc
glibc-static-2.12-1.166.el6_7.7.x86_64
glibc-headers-2.12-1.166.el6_7.7.x86_64
glibc-2.12-1.166.el6_7.7.i686
glibc-2.12-1.166.el6_7.7.x86_64
glibc-utils-2.12-1.166.el6_7.7.x86_64
glibc-common-2.12-1.166.el6_7.7.x86_64
glibc-devel-2.12-1.166.el6_7.7.x86_64
[root@localhost glibc2.12.166]#
执行 reboot 重启服务器(已在运行的进程仍加载着旧版 glibc,重启后所有服务才会使用更新后的库)
##################################################################################
5. 使用第2、3步的方法检测是否还有漏洞
[root@localhost ~]# ls
anaconda-ks.cfg Music
atomic-php55-php-cli-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0
atomic-php55-php-common-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0.tar.gz
atomic-php55-php-devel-5.5.31-31.el6.art.x86_64.rpm php-5.5.31
CVE-2015-7547-master php-5.5.31.tar.bz2
Desktop Pictures
Documents Public
Downloads rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
eaccelerator-master Templates
glibc2.12.166 Videos
install.log wordpress
install.log.syslog wordpress-4.4.1-zh_CN.tar.gz
master.zip
[root@localhost ~]# cd CVE-2015-7547-master/
[root@localhost CVE-2015-7547-master]# ls
CVE-2015-7547-client.c CVE-2015-7547-poc.py LICENSE Makefile README
[root@localhost CVE-2015-7547-master]# py
pydoc pygtk-demo python python2 python2.6
[root@localhost CVE-2015-7547-master]# python CVE-2015-7547-poc.py
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:34043
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:34044
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:34045
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:34046
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 36
[UDP] Total Data len recv 36
Connected with 127.0.0.1:34047
[TCP] Total Data len recv 76
[TCP] Request1 len recv 36
[TCP] Request2 len recv 36
^CTraceback (most recent call last):
File "CVE-2015-7547-poc.py", line 176, in <module>
tcp_thread()
File "CVE-2015-7547-poc.py", line 105, in tcp_thread
conn, addr = sock_tcp.accept()
File "/usr/lib64/python2.6/socket.py", line 197, in accept
sock, addr = self._sock.accept()
KeyboardInterrupt
[root@localhost ~]# cd CVE-2015-7547-master/
[root@localhost CVE-2015-7547-master]# ls
CVE-2015-7547-client.c CVE-2015-7547-poc.py LICENSE Makefile README
[root@localhost CVE-2015-7547-master]# gcc CVE-2015-7547-client.c -o client
[root@localhost CVE-2015-7547-master]# ls
client CVE-2015-7547-client.c CVE-2015-7547-poc.py LICENSE Makefile README
[root@localhost CVE-2015-7547-master]# ./client
client: getaddrinfo: Name or service not known
此处返回 client: getaddrinfo: Name or service not known,说明漏洞已修复
linux glibc 安全漏洞 CVE-2015-7547 修复与检测方法
原文地址:http://122269875.blog.51cto.com/1660536/1746263