Linux Glibc库安全漏洞修检测

1. 代码编辑

#include <netdb.h> #include <stdio.h> #include <stdlib.h> #include <string.h> #include <errno.h> #define CANARY "in_the_coal_mine" struct {char buffer[1024];char canary[sizeof(CANARY)]; } temp = { "buffer", CANARY }; int main(void) {struct hostent resbuf;struct hostent *result;int herrno;int retval;/*** strlen (name) = size_needed -sizeof (*host_addr) – sizeof (*h_addr_ptrs) – 1; ***/size_t len = sizeof(temp.buffer) -16*sizeof(unsigned char) – 2*sizeof(char *) – 1;char name[sizeof(temp.buffer)];memset(name, ‘0’, len);name[len] = ‘\0’;retval = gethostbyname_r(name,&resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno);if (strcmp(temp.canary, CANARY) !=0) {puts("vulnerable");exit(EXIT_SUCCESS);}if (retval == ERANGE) {puts("notvulnerable");exit(EXIT_SUCCESS);}puts("should nothappen");exit(EXIT_FAILURE); }

2. 编译代码

$gcc GHOST.c -o GHOST

3. 漏洞检测：$./GHOSTvulnerable表示存在漏洞，需要进行修复。$./GHOSTnotvulnerable表示修复成功。

4. 漏洞修复

建议修补方案 Centos 5/6/7： yum update glibc Ubuntu 12/14 apt-get update apt-get install libc6 Debian 6 wget -O /etc/apt/sources.list.d/debian6-lts.list apt-get update apt-get install libc6 Debian 7 apt-get update apt-get install libc6 Opensuse 13 zypper refresh zypper update glibc*

，感受最美的风景。你曾经说，