|
|
漏洞信息:https://rhn.redhat.com/errata/RHSA-2016-0175.html
如下为具体操作方法:(在centos 6.5 环境下测试)
#####################################################
1. 如下为查看操作系统版本及glibc 版本
[iyunv@localhost ~]# cat /etc/redhat-release
CentOS release 6.5 (Final)
[iyunv@localhost ~]# uname -r
2.6.32-431.el6.x86_64
[iyunv@localhost ~]# uname -a
64 GNU/Linux
[iyunv@localhost ~]# cat /etc/resolv.conf
; generated by /sbin/dhclient-script
nameserver 127.0.0.1
[iyunv@localhost ~]# ls
anaconda-ks.cfg Music
atomic-php55-php-cli-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0
atomic-php55-php-common-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0.tar.gz
atomic-php55-php-devel-5.5.31-31.el6.art.x86_64.rpm php-5.5.31
CVE-2015-7547-master php-5.5.31.tar.bz2
Desktop Pictures
Documents Public
Downloads rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
eaccelerator-master Templates
install.log Videos
install.log.syslog wordpress
master.zip wordpress-4.4.1-zh_CN.tar.gz
[iyunv@localhost glibc2.12.166]# rpm -qa | grep -i glibc
glibc-devel-2.12-1.132.el6.x86_64
glibc-common-2.12-1.132.el6.x86_64
glibc-2.12-1.132.el6.x86_64
glibc-headers-2.12-1.132.el6.x86_64
#####################################################
2. 下载CVE-2015-7547 ,解压后的文件如下:
[iyunv@localhost ~]# cd CVE-2015-7547-master/
[iyunv@localhost CVE-2015-7547-master]# ls
CVE-2015-7547-client.c CVE-2015-7547-poc.py LICENSE Makefile README
#下载后 执行 python CVE-2015-7547-poc.py (此步大概要等10多分钟才出现信息)
[iyunv@localhost CVE-2015-7547-master]# python CVE-2015-7547-poc.py
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:47403
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:47404
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 36
[UDP] Total Data len recv 36
Connected with 127.0.0.1:47405
[TCP] Total Data len recv 76
[TCP] Request1 len recv 36
[TCP] Request2 len recv 36
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:47409
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:47410
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 39
[UDP] Total Data len recv 39
Connected with 127.0.0.1:47411
[TCP] Total Data len recv 82
[TCP] Request1 len recv 39
[TCP] Request2 len recv 39
^CTraceback (most recent call last):
File "CVE-2015-7547-poc.py", line 176, in <module>
tcp_thread()
File "CVE-2015-7547-poc.py", line 105, in tcp_thread
conn, addr = sock_tcp.accept()
File "/usr/lib64/python2.6/socket.py", line 197, in accept
sock, addr = self._sock.accept()
KeyboardInterrupt
##########################################################
3. 在linux另一个窗口编译 gcc CVE-2015-7547-client.c -o client
[iyunv@localhost ~]# cd CVE-2015-7547-master/
[iyunv@localhost CVE-2015-7547-master]# ll
total 32
-rw-r--r-- 1 root root 967 Mar 1 09:29 CVE-2015-7547-client.c
-rw-r--r-- 1 root root 4638 Mar 1 09:29 CVE-2015-7547-poc.py
-rw-r--r-- 1 root root 11357 Mar 1 09:29 LICENSE
-rw-r--r-- 1 root root 109 Mar 1 09:29 Makefile
-rw-r--r-- 1 root root 936 Mar 1 09:29 README
[iyunv@localhost CVE-2015-7547-master]# ls
CVE-2015-7547-client.c CVE-2015-7547-poc.py LICENSE Makefile README
[iyunv@localhost CVE-2015-7547-master]# gcc CVE-2015-7547-client.c -o client
[iyunv@localhost CVE-2015-7547-master]# ls
client CVE-2015-7547-client.c CVE-2015-7547-poc.py LICENSE Makefile README
[iyunv@localhost CVE-2015-7547-master]# ./client
Segmentation fault (core dumped)
[iyunv@localhost CVE-2015-7547-master]#
执行 ./client 文件
如果返回 段错误(Segmentation fault) 有漏洞
如果返回 client: getaddrinfo: Name or service not known 漏洞已修复
###############################################################
4. 更新glibc ,下载glibc 相关的rpm包
[iyunv@localhost ~]# ls
anaconda-ks.cfg Music
atomic-php55-php-cli-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0
atomic-php55-php-common-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0.tar.gz
atomic-php55-php-devel-5.5.31-31.el6.art.x86_64.rpm php-5.5.31
CVE-2015-7547-master php-5.5.31.tar.bz2
Desktop Pictures
Documents Public
Downloads rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
eaccelerator-master Templates
glibc2.12.166 Videos
install.log wordpress
install.log.syslog wordpress-4.4.1-zh_CN.tar.gz
master.zip
[iyunv@localhost ~]# cd glibc2.12.166/
#########################################################################
###############如下为glibc更新的rpm包#####################
[iyunv@localhost glibc2.12.166]# ls
glibc-2.12-1.166.el6_7.7.i686.rpm glibc-headers-2.12-1.166.el6_7.7.x86_64.rpm
glibc-2.12-1.166.el6_7.7.x86_64.rpm glibc-static-2.12-1.166.el6_7.7.x86_64.rpm
glibc-common-2.12-1.166.el6_7.7.x86_64.rpm glibc-utils-2.12-1.166.el6_7.7.x86_64.rpm
glibc-devel-2.12-1.166.el6_7.7.x86_64.rpm
###########强制安装rpm包###############################
[iyunv@localhost glibc2.12.166]# rpm -Uvh --nodeps --force glibc-*
Preparing... ########################################### [100%]
1:glibc-common ########################################### [ 14%]
2:glibc ########################################### [ 29%]
3:glibc-headers ########################################### [ 43%]
4:glibc-devel ########################################### [ 57%]
5:glibc-static ########################################### [ 71%]
6:glibc-utils ########################################### [ 86%]
7:glibc ########################################### [100%]
#######更新后查询glibc版本####################
[iyunv@localhost glibc2.12.166]# rpm -qa | grep -i glibc
glibc-static-2.12-1.166.el6_7.7.x86_64
glibc-headers-2.12-1.166.el6_7.7.x86_64
glibc-2.12-1.166.el6_7.7.i686
glibc-2.12-1.166.el6_7.7.x86_64
glibc-utils-2.12-1.166.el6_7.7.x86_64
glibc-common-2.12-1.166.el6_7.7.x86_64
glibc-devel-2.12-1.166.el6_7.7.x86_64
[iyunv@localhost glibc2.12.166]#
reboot重启服务器
##################################################################################
3. 使用第2步的方法检测是否还有漏洞
[iyunv@localhost ~]# ls
anaconda-ks.cfg Music
atomic-php55-php-cli-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0
atomic-php55-php-common-5.5.31-31.el6.art.x86_64.rpm nginx-1.8.0.tar.gz
atomic-php55-php-devel-5.5.31-31.el6.art.x86_64.rpm php-5.5.31
CVE-2015-7547-master php-5.5.31.tar.bz2
Desktop Pictures
Documents Public
Downloads rpmforge-release-0.5.3-1.el6.rf.x86_64.rpm
eaccelerator-master Templates
glibc2.12.166 Videos
install.log wordpress
install.log.syslog wordpress-4.4.1-zh_CN.tar.gz
master.zip
[iyunv@localhost ~]# cd CVE-2015-7547-master/
[iyunv@localhost CVE-2015-7547-master]# ls
CVE-2015-7547-client.c CVE-2015-7547-poc.py LICENSE Makefile README
[iyunv@localhost CVE-2015-7547-master]# py
pydoc pygtk-demo python python2 python2.6
[iyunv@localhost CVE-2015-7547-master]# python CVE-2015-7547-poc.py
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:34043
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:34044
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:34045
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 44
[UDP] Total Data len recv 44
Connected with 127.0.0.1:34046
[TCP] Total Data len recv 46
[TCP] Request1 len recv 44
[UDP] Total Data len recv 36
[UDP] Total Data len recv 36
Connected with 127.0.0.1:34047
[TCP] Total Data len recv 76
[TCP] Request1 len recv 36
[TCP] Request2 len recv 36
^CTraceback (most recent call last):
File "CVE-2015-7547-poc.py", line 176, in <module>
tcp_thread()
File "CVE-2015-7547-poc.py", line 105, in tcp_thread
conn, addr = sock_tcp.accept()
File "/usr/lib64/python2.6/socket.py", line 197, in accept
sock, addr = self._sock.accept()
KeyboardInterrupt
[iyunv@localhost ~]# cd CVE-2015-7547-master/
[iyunv@localhost CVE-2015-7547-master]# ls
CVE-2015-7547-client.c CVE-2015-7547-poc.py LICENSE Makefile README
[iyunv@localhost CVE-2015-7547-master]# gcc CVE-2015-7547-client.c -o client
[iyunv@localhost CVE-2015-7547-master]# ls
client CVE-2015-7547-client.c CVE-2015-7547-poc.py LICENSE Makefile README
[iyunv@localhost CVE-2015-7547-master]# ./client
client: getaddrinfo: Name or service not known
如果返回 client: getaddrinfo: Name or service not known 漏洞已修复
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2016-3-2 08:58:28
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡