Last active
August 29, 2015 14:14
-
-
Save nojimage/c928bd660bfb4a749c23 to your computer and use it in GitHub Desktop.
CVE-2015-0235 vulnerable checker via http://www.openwall.com/lists/oss-security/2015/01/27/9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/env bash | |
| ## | |
| # CVE-2015-0235 restart all services that using `glibc` | |
| # | |
| # original code: | |
| # http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/#comment-10890 | |
| ## | |
| servicelist=""; | |
| for problemservice in `/usr/sbin/lsof 2> /dev/null | grep libc | awk '{print $1}' | sort -u`; do | |
| for service in `ls /etc/init.d/* | awk -F "/etc/init.d/" '{print $2}'`; do | |
| if [ "$problemservice" == "$service" ]; then | |
| if [ -n "`/sbin/service $problemservice status | grep running`" ]; then | |
| servicelist+=" $problemservice"; | |
| else | |
| echo "$problemservice found but service is not running"; | |
| fi; | |
| fi; | |
| done; | |
| done; | |
| count=`tr -dc ' ' <<<"$servicelist" | wc -c`; | |
| servicelist=`echo $servicelist | xargs`; | |
| echo -n "$count services have to be restarted ($servicelist): continue (y/N)? "; | |
| read continue; | |
| if [ $continue == "y" ]; then | |
| for service in $servicelist; do | |
| /sbin/service $service restart; | |
| done; | |
| else | |
| echo "Leaving without restarting services"; | |
| fi |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #include <netdb.h> | |
| #include <stdio.h> | |
| #include <stdlib.h> | |
| #include <string.h> | |
| #include <errno.h> | |
| #define CANARY "in_the_coal_mine" | |
| struct { | |
| char buffer[1024]; | |
| char canary[sizeof(CANARY)]; | |
| } temp = { "buffer", CANARY }; | |
| int main(void) { | |
| struct hostent resbuf; | |
| struct hostent *result; | |
| int herrno; | |
| int retval; | |
| /*** strlen (name) = size_needed - sizeof (*host_addr) - sizeof (*h_addr_ptrs) - 1; ***/ | |
| size_t len = sizeof(temp.buffer) - 16*sizeof(unsigned char) - 2*sizeof(char *) - 1; | |
| char name[sizeof(temp.buffer)]; | |
| memset(name, '0', len); | |
| name[len] = '\0'; | |
| retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer), &result, &herrno); | |
| if (strcmp(temp.canary, CANARY) != 0) { | |
| puts("vulnerable"); | |
| exit(EXIT_SUCCESS); | |
| } | |
| if (retval == ERANGE) { | |
| puts("not vulnerable"); | |
| exit(EXIT_SUCCESS); | |
| } | |
| puts("should not happen"); | |
| exit(EXIT_FAILURE); | |
| } |
curl -L https://gist.githubusercontent.com/nojimage/c928bd660bfb4a749c23/raw/e14be2a8b77b4d5a9b6f942b4b6f360d7378d748/CVE-2015-0235__restart-services.sh > /tmp/CVE-2015-0235__restart-services.sh && sudo /bin/bash /tmp/CVE-2015-0235__restart-services.sh
再起動用。
/etc/init.d/ にあるサービスしか再起動しないので、やっぱりマシン再起動のほうが確実。
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
チェック用ワンライナー。