linux glibc 安全漏洞 CVE-2015-7547 修复与检测方法

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了linux glibc 安全漏洞 CVE-2015-7547 修复与检测方法相关的知识,希望对你有一定的参考价值。

参考链接:http://toutiao.com/i6253272495634252289/

漏洞信息:https://rhn.redhat.com/errata/RHSA-2016-0175.html

如下为具体操作方法:(在centos 6.5 环境下测试)

#####################################################

1. 如下为查看操作系统版本及glibc 版本
[[email protected] ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[[email protected] ~]# uname -r
2.6.32-431.el6.x86_64
[[email protected] ~]# uname -a
64 GNU/Linux
[[email protected] ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 127.0.0.1
[[email protected] ~]# ls
anaconda-ks.cfg                                       Music
atomic-php55-php-cli-5.5.31-31.el6.art.x86_64.rpm     nginx-1.8.0
atomic-php55-php-common-5.5.31-31.el6.art.x86_64.rpm  nginx-1.8.0.tar.gz
atomic-php55-php-devel-5.5.31-31.el6.art.x86_64.rpm   php-5.5.31
CVE-2015-7547-master                                  php-5.5.31.tar.bz2
Desktop                                               Pictures
Documents                                             Public
Downloads                                             rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
eaccelerator-master                                   Templates
install.log                                           Videos
install.log.syslog                                    wordpress
master.zip                                            wordpress-4.4.1-zh_CN.tar.gz
[[email protected] glibc2.12.166]# rpm -qa | grep -i glibc
glibc-devel-2.12-1.132.el6.x86_64
glibc-common-2.12-1.132.el6.x86_64
glibc-2.12-1.132.el6.x86_64
glibc-headers-2.12-1.132.el6.x86_64

#####################################################

2. 下载CVE-2015-7547 ,解压后的文件如下:

[[email protected] ~]# cd CVE-2015-7547-master/
[[email protected] CVE-2015-7547-master]# ls
CVE-2015-7547-client.c  CVE-2015-7547-poc.py  LICENSE  Makefile  README
#下载后 执行 python CVE-2015-7547-poc.py (此步大概要等10多分钟才出现信息)

[[email protected] CVE-2015-7547-master]# python CVE-2015-7547-poc.py
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:47403
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:47404
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 36
[UDP] Total Data len recv 36
Connected with 127.0.0.1:47405
[TCP] Total Data len recv 76
[TCP] Request1 len recv 36
[TCP] Request2 len recv 36
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:47409
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:47410
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 39
[UDP] Total Data len recv 39
Connected with 127.0.0.1:47411
[TCP] Total Data len recv 82
[TCP] Request1 len recv 39
[TCP] Request2 len recv 39
^CTraceback (most recent call last):
  File "CVE-2015-7547-poc.py", line 176, in <module>
    tcp_thread()
  File "CVE-2015-7547-poc.py", line 105, in tcp_thread
    conn, addr = sock_tcp.accept()
  File "/usr/lib64/python2.6/socket.py", line 197, in accept
    sock, addr = self._sock.accept()
KeyboardInterrupt
##########################################################

3. 在linux另一个窗口编译 gcc CVE-2015-7547-client.c -o client

[[email protected] ~]# cd CVE-2015-7547-master/
[[email protected] CVE-2015-7547-master]# ll
total 32
-rw-r--r-- 1 root root   967 Mar  1 09:29 CVE-2015-7547-client.c
-rw-r--r-- 1 root root  4638 Mar  1 09:29 CVE-2015-7547-poc.py
-rw-r--r-- 1 root root 11357 Mar  1 09:29 LICENSE
-rw-r--r-- 1 root root   109 Mar  1 09:29 Makefile
-rw-r--r-- 1 root root   936 Mar  1 09:29 README
[[email protected] CVE-2015-7547-master]# ls
CVE-2015-7547-client.c  CVE-2015-7547-poc.py  LICENSE  Makefile  README

[[email protected] CVE-2015-7547-master]# gcc CVE-2015-7547-client.c -o client
[[email protected] CVE-2015-7547-master]# ls
client  CVE-2015-7547-client.c  CVE-2015-7547-poc.py  LICENSE  Makefile  README
[[email protected] CVE-2015-7547-master]# ./client
Segmentation fault (core dumped)
[[email protected] CVE-2015-7547-master]#

执行 ./client 文件

如果返回 段错误(Segmentation fault)  有漏洞

如果返回 client: getaddrinfo: Name or service not known 漏洞已修复

###############################################################

4. 更新glibc ,下载glibc 相关的rpm包
[[email protected] ~]# ls
anaconda-ks.cfg                                       Music
atomic-php55-php-cli-5.5.31-31.el6.art.x86_64.rpm     nginx-1.8.0
atomic-php55-php-common-5.5.31-31.el6.art.x86_64.rpm  nginx-1.8.0.tar.gz
atomic-php55-php-devel-5.5.31-31.el6.art.x86_64.rpm   php-5.5.31
CVE-2015-7547-master                                  php-5.5.31.tar.bz2
Desktop                                               Pictures
Documents                                             Public
Downloads                                             rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
eaccelerator-master                                   Templates
glibc2.12.166                                         Videos
install.log                                           wordpress
install.log.syslog                                    wordpress-4.4.1-zh_CN.tar.gz
master.zip
[[email protected] ~]# cd glibc2.12.166/

#########################################################################

###############如下为glibc更新的rpm包#####################
[[email protected] glibc2.12.166]# ls
glibc-2.12-1.166.el6_7.7.i686.rpm           glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm
glibc-2.12-1.166.el6_7.7.x86_64.rpm         glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
glibc-common-2.12-1.166.el6_7.7.x86_64.rpm  glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm
glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm
###########强制安装rpm包###############################

[[email protected] glibc2.12.166]# rpm -Uvh --nodeps --force glibc-*
Preparing...                ########################################### [100%]
   1:glibc-common           ########################################### [ 14%]
   2:glibc                  ########################################### [ 29%]
   3:glibc-headers          ########################################### [ 43%]
   4:glibc-devel            ########################################### [ 57%]
   5:glibc-static           ########################################### [ 71%]
   6:glibc-utils            ########################################### [ 86%]
   7:glibc                  ########################################### [100%]

#######更新后查询glibc版本####################
[[email protected] glibc2.12.166]# rpm -qa | grep -i glibc
glibc-static-2.12-1.166.el6_7.7.x86_64
glibc-headers-2.12-1.166.el6_7.7.x86_64
glibc-2.12-1.166.el6_7.7.i686
glibc-2.12-1.166.el6_7.7.x86_64
glibc-utils-2.12-1.166.el6_7.7.x86_64
glibc-common-2.12-1.166.el6_7.7.x86_64
glibc-devel-2.12-1.166.el6_7.7.x86_64
[[email protected] glibc2.12.166]#

reboot重启服务器

##################################################################################

3. 使用第2步的方法检测是否还有漏洞
[[email protected] ~]# ls
anaconda-ks.cfg                                       Music
atomic-php55-php-cli-5.5.31-31.el6.art.x86_64.rpm     nginx-1.8.0
atomic-php55-php-common-5.5.31-31.el6.art.x86_64.rpm  nginx-1.8.0.tar.gz
atomic-php55-php-devel-5.5.31-31.el6.art.x86_64.rpm   php-5.5.31
CVE-2015-7547-master                                  php-5.5.31.tar.bz2
Desktop                                               Pictures
Documents                                             Public
Downloads                                             rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
eaccelerator-master                                   Templates
glibc2.12.166                                         Videos
install.log                                           wordpress
install.log.syslog                                    wordpress-4.4.1-zh_CN.tar.gz
master.zip
[[email protected] ~]# cd CVE-2015-7547-master/
[[email protected] CVE-2015-7547-master]# ls
CVE-2015-7547-client.c  CVE-2015-7547-poc.py  LICENSE  Makefile  README
[[email protected] CVE-2015-7547-master]# py
pydoc       pygtk-demo  python      python2     python2.6  
[[email protected] CVE-2015-7547-master]# python CVE-2015-7547-poc.py

[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:34043
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:34044
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:34045
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:34046
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 36
[UDP] Total Data len recv 36
Connected with 127.0.0.1:34047
[TCP] Total Data len recv 76
[TCP] Request1 len recv 36
[TCP] Request2 len recv 36
^CTraceback (most recent call last):
  File "CVE-2015-7547-poc.py", line 176, in <module>
    tcp_thread()
  File "CVE-2015-7547-poc.py", line 105, in tcp_thread
    conn, addr = sock_tcp.accept()
  File "/usr/lib64/python2.6/socket.py", line 197, in accept
    sock, addr = self._sock.accept()
KeyboardInterrupt

 [[email protected] ~]# cd CVE-2015-7547-master/
[[email protected] CVE-2015-7547-master]# ls
CVE-2015-7547-client.c  CVE-2015-7547-poc.py  LICENSE  Makefile  README
[[email protected] CVE-2015-7547-master]# gcc CVE-2015-7547-client.c -o client
[[email protected] CVE-2015-7547-master]# ls
client  CVE-2015-7547-client.c  CVE-2015-7547-poc.py  LICENSE  Makefile  README
[[email protected] CVE-2015-7547-master]# ./client
client: getaddrinfo: Name or service not known

如果返回 client: getaddrinfo: Name or service not known 漏洞已修复

以上是关于linux glibc 安全漏洞 CVE-2015-7547 修复与检测方法的主要内容,如果未能解决你的问题,请参考以下文章

glibc CVE-2015-7547漏洞的分析和修复方法

Linux内核漏洞提权(以CVE-2015-1328为例)

SSL/TLS 受诫礼(BAR-MITZVAH)攻击漏洞(CVE-2015-2808)漏洞加固指南

linux glibc漏洞修复 需要重启吗

CVE-2015-3636

CVE-2015-1635(MS15-034 )远程代码执行漏洞复现