GHOST glibc Vulnerability

January 28, 2015

A vulnerability named GHOST (CVE-2015-0235) affecting the GNU C library (glibc) has been discovered. This vulnerability does not affect Ubuntu 14.04. Only ServerPilot users with Ubuntu 12.04 servers had the vulnerable version of glibc.

As neither OpenSSH, Nginx, Apache, MySQL, or Postfix are considered vulnerable, there is low risk to your servers managed by ServerPilot.

One potential risk is through PHP scripts that call the function gethostbyname() with user-supplied input as the argument.

What We Have Done

We've updated glibc with a patched version on all Ubuntu 12.04 servers with automatic updates enabled. These servers also received a PHP update that restarted PHP processes so that the new glibc version is in use by the running PHP-FPM processes.

What You Should Do

To fully apply the updated glibc on your system, you should reboot your server by SSH'ing in as "root" or another administrative user and running the command:

sudo reboot

How to Verify Your Server Is Patched

To check which version of Ubuntu your server is using, run the following command:

lsb_release --release

If your server is running Ubuntu 12.04, you can verify the patched version of glibc is installed with the command:

dpkg-query -l libc6 | grep libc6

If the version listed is less than "2.15-0ubuntu10.10", your system still has the vulnerable glibc installed. This may be due, for example, to your server having automatic updates disabled. You can re-enable updates for your server through ServerPilot.

If you need to perform this update manually, you can use the following commands:

sudo apt-get update
sudo apt-get dist-upgrade

and then reboot your server with:

sudo reboot

You can also test PHP to see whether it is vulnerable with the command:

php5.6-sp -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);'

If that command fails with a "segmentation fault," PHP is still using a vulnerable version of glibc.

Don't hesitate to contact us if you have any questions.