OraclePitStop – Lets share some knowledge

CVE-2015-0235 – Ghost Vulnerability

Posted on February 19, 2015. Filed under: Oracle Engineered Systems | Tags: Exadata, Exalogic, Exalytics |

Post applies to Exadata, Exalogic and Exalytics.

Here is a check script to check if a system is vulnerable to GHOST security vulnerability.

######### testghost.sh #########

/usr/sbin/clockdiff `python -c “print ‘0’ * $((0x10000 – 16 * 1 – 2 * 4 – 1 – 4))” `
echo $?

php -r ‘$e = “0”;for($i = 0; $i < 2500; $i++){ $e = “0$e”; } gethostbyname($e);’
echo $?

###############################

Note: If the first set gives “Segmentation fault” and second returns “139”, then

the vulnerability is present in glibc.

###########################################

[root@server-name ~]# sh testghost.sh
clockdiff: ebs-template: my host not found
1
testghost.sh: line 4: 17976 Segmentation fault      php -r ‘$e = “0”;for($i = 0; $i < 2500; $i++){ $e = “0$e”; } gethostbyname($e);’
139
[root@ebs-template ~]#
###########################################

MOS documents to address the vulnerability

Exalogic :  CVE-2015-0235 – Ghost Vulnerability – Patch Availability for Oracle Exalogic Linux Physical and Virtual Racks (Doc ID 1965975.1)

Exalytics : CVE-2015-0235 AKA “Ghost” vulnerability in glibc – Patch Availability Document for Oracle Exalytics Linux Physical and Virtual systems (Doc ID 1966284.1)

Exadata : glibc vulnerability (CVE-2015-0235) patch availability for Oracle Exadata Database Machine (Doc ID 1965525.1)

Recently on OraclePitStop - Lets share some knowledge…