Ghost vulnerability python checker - CVE-2015-0235

By The-S-Unit Jan 28, 2015

Yesterday evening the Ghost vulnerability made its entrance to the world.
It allows attackers to remotely take complete control of the victim system without having any prior access to it.
The vulnerability is caused by a buffer overflow in the glibc library, a widely used component in Linux, BSD and other *nix types of systems.
More information about this vulnerability is available on the Qualys blog (reference 1).

One of the issues with verifying this vulnerability is the way its test has to be run: you have to distribute files and run a binary that matches each system's Linux version and instruction set.
Since Python is a widely adopted run-time environment, we have created two quick and dirty Python scripts to check for the vulnerability.

How to Q&D test the Ghost vulnerability

  • Start Python
  • Paste the code that matches your Python version
  • For Python (from 2.5 and higher) use the following code
    from ctypes import CDLL
    # encode() passes a byte string (char *) on both Python 2 and Python 3
    CDLL('libc.so.6').gethostbyname(('0' * 0x10000).encode())
  • For older Python versions:
    # dl is the dynamic loading module of old Python 2 releases
    import dl
    dl.open('libc.so.6').call('gethostbyname', '0' * 0x10000)
  • If "Segmentation fault (core dumped)" is the answer, your libraries are NOT patched and you are vulnerable.
  • If a number is returned instead, your system is NOT vulnerable to this exploit.
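
A way to run the ctypes check above unattended, as an added example that is not part of the original post: the probe runs in a child Python 3 process, so a segfault ends only the child, and the child's exit status is mapped to a result. The names PROBE, classify and check, the "inconclusive" label and the exit codes are assumptions of this example.

```python
import signal
import subprocess
import sys

# The page's ctypes probe, run in a child interpreter so that a crash in
# gethostbyname() kills only the child. encode() makes the argument a
# byte string (char *) under Python 3.
PROBE = (
    "from ctypes import CDLL\n"
    "CDLL('libc.so.6').gethostbyname(('0' * 0x10000).encode())\n"
)

def classify(returncode):
    """Map the child's exit status onto the page's two outcomes."""
    if returncode == 0:
        return "not vulnerable"          # the call returned a number
    if returncode == -signal.SIGSEGV:
        return "VULNERABLE"              # "Segmentation fault (core dumped)"
    return "inconclusive"                # e.g. libc.so.6 not found, other signal

def check(python=sys.executable, timeout=15):
    """Run the probe once and return one of the three labels above."""
    try:
        proc = subprocess.run(
            [python, "-c", PROBE],
            stdout=subprocess.DEVNULL,
            stderr=subprocess.DEVNULL,
            timeout=timeout,
        )
    except (OSError, subprocess.TimeoutExpired):
        return "inconclusive"
    return classify(proc.returncode)

if __name__ == "__main__":
    result = check()
    print("glibc gethostbyname (CVE-2015-0235) check: " + result)
    # Exit codes for scripts: 0 = not vulnerable, 1 = vulnerable, 2 = inconclusive
    sys.exit({"not vulnerable": 0, "VULNERABLE": 1}.get(result, 2))
```

The probe exercises the libc.so.6 that a newly started process loads; services started before a glibc update keep the old copy mapped until they are restarted.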

References
1) https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/th...
2) http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235