The GNU C Library (glibc) is the GNU Project's implementation of the C standard library.
Questions tagged [glibc]
28 questions
61
votes
4 answers
GHOST bug: is there a simple way to test if my system is secure?
GHOST (CVE-2015-0235) just popped up. How can I quickly check if a system of mine is secure? Ideally with a one line shell command.
According to the ZDNet article "you should then reboot the system". Ideally the test would also indicate this...
the
- 1,841
- 2
- 16
- 33
10
votes
1 answer
Is Java vulnerable to glibc GHOST Vulnerability in Linux?
I see on our RedHat Linux platform that "java" process has dependency over glibc library:
[root@hpproliant1 ~]# ldd /usr/bin/java
linux-gate.so.1 => (0xffffe000)
libpthread.so.0 => /lib/libpthread.so.0 (0xf7f77000)
libjli.so =>…
Mert Z.
- 201
- 2
- 4
10
votes
1 answer
GHOST: which services are vulnerable, ssh, web server?
GHOST (CVE-2015-0235) just popped up.
GHOST bug: is there a simple way to test if my system is secure? deals with how to find out if your system is vulnerable.
exim is mentioned specifically.
Apparently OpenSSH is vulnerable but attacks can easily…
the
- 1,841
- 2
- 16
- 33
10
votes
2 answers
Why must a ret2libc attack follow the order "system(),exit(),command?
In a ret2libc attack, I understand that the return address can be overwritten with the address of the system command, which takes a command string as an argument. In this case, shouldn't the address of the command string come directly after the…
Lew Wei Hao
- 429
- 5
- 13
9
votes
1 answer
Jump Oriented Programming segmentation fault issue
I found this interesting post on jop, and since I was not familiar with the concept I decided to play with it. I managed to call arbitrary functions defined in my binary with or without arguments, but never managed to run the example given on the…
dearn44
- 193
- 5
9
votes
1 answer
In light of the glibc DNS vulnerability, why aren't Linux distros updating install images?
Doesn't that make the mere act of updating a newly installed Linux instance unsafe, since the initially installed package manager is vulnerable? Am I missing something?
For example, the current Ubuntu 15.10 image dates 21 Oct…
lamefun
- 193
- 5
7
votes
2 answers
Is ASLR useless in preventing attacks such as return-to-libc in linux?
If i'm correct, due ASLR we load libc into some random address. And then in order to make that happen without allowing write permissions of text pages within memory we use plt/got. Now I can simply jump back into some libc@plt function that is…
DrPrItay
- 179
- 1
- 5
6
votes
1 answer
How to restrict dlopen() from or to certain paths?
If I want to disable execution of programs on a filesystem, I can use the noexec mount option.
However, this doesn’t works with dynamic libraries loaded throughdlopen(). So what is the way to do it with nacl or seccomp ? (this is for untrusted…
user2284570
- 1,402
- 1
- 14
- 33
5
votes
1 answer
How to bypass ASLR with ROP
I was reading this article by the InfoSec institute:
http://resources.infosecinstitute.com/an-introduction-to-returned-oriented-programming-linux/#gref
And was able to follow along until he did the ROP Chain.
He finds the offset of printf and execve…
alloy
- 51
- 1
- 3
5
votes
1 answer
strategy for dealing with glibc issues through all docker containers
CVE-2015-7547 affects glibc, which is present in pretty nearly all docker containers. There's an automated process underway which will update all official containers, but it's not immediately clear how I should manage the situation.
Some third…
mc0e
- 491
- 2
- 14
4
votes
1 answer
Return-to-libc Attack mystery
I'm studying the Return-to-libc Attack and I understand the concept. But one thing still does not make sense. In order to make the attack I need the memory address of system() and "/bin/sh", which is different on every system. And all the examples I…
Spring
- 253
- 1
- 6
4
votes
2 answers
return to libc- finding libc's address and finding offsets
So I tried performing a return-to-libc according to https://sploitfun.wordpress.com/2015/05/08/bypassing-nx-bit-using-return-to-libc/ .
I found libc's address by using "ldd vuln", and found system's offset by using "readelf -s…
Jonathan
- 53
- 1
- 2
- 7
3
votes
2 answers
How to confirm that my router is vulnerable to the glibc vulnerability (CVE-2015-7547)?
I have tried PoC from Google (https://github.com/fjserna/CVE-2015-7547) to test my host PC (first execute the server side PoC then execute client side PoC). It was vulnerable.
Now I want to check my router, but I'm not sure how to test it.
Iif I…
Lee Youngho
- 31
- 1
3
votes
1 answer
return-to-libc attack
I was trying to attempt at return-to-libc buffer overflow attack for my Computer Software Security assignment. As far as my understanding goes, we can do these kind of attacks regardless of stack protection measures such as canaries and…
yellowflash
- 35
- 1
- 6
2
votes
1 answer
CTF setup for debugging heap exploits
I'm currently studying binary heap exploitation (mainly the glibc (ptmalloc2) implementation), for CTF competitions. The problem I'm facing is debugging challenges designed for a certain glibc version. I know there are some differences between (for…
Z. Alessandro
- 23
- 3