gethostbyname*() buffer overflow exploit in glibc - CVE-2015-0235 https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
Originally Sourced from Ben Bomgardners post to the help-cfengine mailing list. https://groups.google.com/forum/#!topic/help-cfengine/tWjOlO19Mrw
MASTERFILES=/home/nickanderson/CFEngine/masterfiles
wget https://github.com/nickanderson/CVE_2015_0235/archive/master.tar.gz -O /tmp/CVE_2015_0235.tar.gz
tar --directory "$MASTERFILES/services" -zxvf /tmp/CVE_2015_0235.tar.gzcd $MASTERFILES/services/CVE_2015_2035/bins
gcc GHOST.c -o GHOST_CVE-2015-0235body common control
{
inputs => {
# Reports
@(cfengine_reports.inputs),
# If you want to activate this policy from autorun,
# then it needs to be included before autorun
# inptus.
"services/CVE_2015_0235/def.cf",
# autorun system
@(services_autorun.inputs),
};
}
Create /masterfiles/services/autorun/CVE_2015_0235.cf with the following content.
bundle agent CVE_2015_0235
{
meta:
# Make sure we get activated
"tags" slist => { "autorun" };
classes:
any::
# Enable the features we want
"enable_CVE_2015_0235_inventory" expression => "any";
methods:
# Make sure that the control bundle has converged
"CVE_2015_0235"
usebundle => CVE_2015_0235_def_file_control,
comment => "Activate each enabled policy";
# Activate the features we want if they are enabled
enable_CVE_2015_0235_inventory::
"CVE_2015_0235"
usebundle => CVE_2015_0235_inventory,
comment => "We want to know where we are vulnerable";
reports:
DEBUG|DEBUG_CVE_2015_0235::
"Activated: '$(this.bundle)' in '$(this.promise_filename)'";
}