EmergencyEMERGENCY? Get 24/7 Help Now!

GHOST vulnerability (CVE-2015-0235) Percona response

 | January 29, 2015 |  Posted In: MySQL, Security

PREVIOUS POST
NEXT POST

Cloud security company Qualys announced Tuesday the issues prevalent in glibc since version 2.2 introduced in 2000-11-10 (the complete Qualys announcement may be viewed here). The vulnerability, CVE-2015-0235, has been dubbed “GHOST.”

As the announcement from Qualys indicates, it is believed that MySQL and by extension Percona Server are not affected by this issue.

Percona is in the process of conducting our own review into the issue related to the Percona Server source code – more information will be released as soon as it is available.

In the interim the current advisory is to update your glibc packages for your distributions if they are in fact vulnerable. The C code from the Qualys announcement may aid in your diagnostics, section 4 of this document or via this gist. I also wrote a very quick python script to help identify processes which may be running libc that you can access here.

Compiling the above and executing it will yield an output indicating if your glibc version is believed to be vulnerable or not vulnerable.

Distribution Resource Resource Links

    1. RedHat BZ: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2015-0235
    2. RedHat EL5 Errata: https://rhn.redhat.com/errata/RHSA-2015-0090.html
    3. RedHat EL6 / 7 Errata: https://rhn.redhat.com/errata/RHSA-2015-0092.html
    4. Ubuntu USN: http://www.ubuntu.com/usn/usn-2485-1/ (affects 10.04 12.04)
    5. Debian security tracker: https://security-tracker.debian.org/tracker/CVE-2015-0235

Distributions which use musl-libc (http://www.musl-libc.org/) are not affected by this issue.

Acknowledgements

Qualys

Robert Barabas – Percona
Raghavendra Prabhu – Percona
Laurynas Biveinis – Percona

PREVIOUS POST
NEXT POST
David Busby

Information Security Architect

4 Comments

  • Hi David,

    Why would the glibc library have any effect on MySQL ? Is MySQL using it?

    By the way, I couldn’t find anywhere in the announcement anything about MySQL not being affected by this exploit.

    On a side note, that all the hosting companies that we work with automatically issued a patch and restarted the Linux servers – which was extremely proactive of them!

  • Hi David,

    I have a question relating to it, is that as you say the PERCONA MySQL or MySQL is not vulnerable to it,
    But though a large part of procession kernel rely on ‘.so’ files which is used by importing GNU C (GLIBc) headers, and though buffer overflow can be initiated on remotely or locally to hamper the services, so does not Percona MySQL of MySQL is affected any how.

  • Fadi, Mohammed;

    From a brief code review it appears the only affected portions of the mysql code base are in,

    test cases, a UDF example and in NDB (node hostname lookup).

    Percona does not ship an NDB version; and I’ve yet to have had confirmation that NDB is indeed affected as suspected.

    Regardless the same recommendations follow that you should update and reboot regardless of whether MySQL itself is vulnerable some other service on the system may well be.

Leave a Reply