Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-0235 PoC — GNU glibc 基于堆的缓冲区错误漏洞

Source
https://github.com/koudaiii-archives/cookbook-update-glibc
Associated Vulnerability
Title:GNU glibc 基于堆的缓冲区错误漏洞 (CVE-2015-0235)
Description:GNU glibc(又名GNU C Library,libc6)是一种按照LGPL许可协议发布的开源免费的C语言编译程序。 GNU glibc 2.2版本和2.18之前2.x版本中的‘__nss_hostname_digits_dots’函数存在基于堆的缓冲区溢出漏洞。本地和远程攻击者都可通过调用‘ gethostbyname*()’函数利用该漏洞以运行应用程序的用户权限执行任意代码,控制系统。
Description
cookbook for update glibc. CVE-2015-0235(GHOST)
Readme
cookbook-update-glibc
==================

### Overview

cookbook for update glibc.
CVE-2015-0235(GHOST)

* Japan
http://www.walbrix.com/jp/blog/2015-01-ghost.html

* English
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235

### Description

update glibc by Chef Solo.

* Attention. this cookbook need to reboot.

* Platform is Ubuntu and CentOS.

### Requirement

* cookbook 'build-essential'
* cookbook 'apt'
* cookbook 'yum-epal'

### Install

* Ruby 2.1.5 or later
* gem install bundler

### Usage

* bundle install

```bash
bundle install
```

* set node

```json
{
  "run_list": [
    "recipe[security_check_glibc]", # set exploit code and compile
    "recipe[security_update_glibc]" # node reboot after glibc update
  ]
}
```

* set test(default webapp)

```bash
$ mv spec/webapp spec/YourServer
```

* test

```bash
$ rake spec LOGIN_USER=loginuser PASS=userpassword
```

* provision server

```bash
$ bundle exec knife solo bootstrap YourServer
```

### Develop(Vagrant)

#### build and run test

* install virtualbox
* install vagrant

* bootstrapping

```bash
vagrant up
```

* add ssh config

```config
vagrant ssh-config >> ~/.ssh/config
```

* chanage Host

```
$ vim ~/.ssh/config
- Host default
+ Host webapp
```

* test

```bash
$ rake spec LOGIN_USER=vagrant PASS=vagrant
```

* provision server

```bash
$ bundle exec knife solo bootstrap webapp
```

* This Vagrant has been correspondence is complete.(glibc-2.12-1.149.el6_6.5.x86_64)

### Contribution
- Fork the this repository on GitHub
- Create a named feature branch (like add_component_x)
- Write your change
- If at all possible, write serverspec tests for your change and ensure they all pass
- Submit a pull request using GitHub
File Snapshot

 [4.0K]  /data/pocs/1187180054aa222c3e6e70d1e4347ddf3293c1a5
├── [ 199]  Berksfile
├── [ 387]  Berksfile.lock
├── [4.0K]  data_bags
├── [4.0K]  environments
├── [ 168]  Gemfile
├── [4.6K]  Gemfile.lock
├── [4.0K]  nodes
│   └── [  96]  webapp.json
├── [ 521]  Rakefile
├── [1.7K]  README.md
├── [4.0K]  roles
├── [4.0K]  site-cookbooks
│   ├── [4.0K]  security_check_glibc
│   │   ├── [ 495]  CHANGELOG.md
│   │   ├── [ 347]  metadata.rb
│   │   ├── [1.5K]  README.md
│   │   ├── [4.0K]  recipes
│   │   │   └── [ 453]  default.rb
│   │   └── [4.0K]  templates
│   │       └── [4.0K]  default
│   │           └── [ 906]  GHOST.c
│   └── [4.0K]  security_update_glibc
│       ├── [ 511]  CHANGELOG.md
│       ├── [ 356]  metadata.rb
│       ├── [1.5K]  README.md
│       └── [4.0K]  recipes
│           └── [ 444]  default.rb
├── [4.0K]  spec
│   ├── [ 752]  spec_helper.rb
│   └── [4.0K]  webapp
│       └── [ 231]  ghost_spec.rb
├── [3.0K]  Vagrantfile
└── [  44]  Vagrantfile.chef

13 directories, 20 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.