Ghost Vulnerability Affecting Linux

You may have heard about a highly critical vulnerability called Ghost or Ghostbug (CVE-2015-0235) affecting most Linux distributions.

This vulnerability is present in the glibc (or eglibc) software on nearly every Linux server currently deployed, and affects versions originally released from 2000 to 2013. Current estimates put the proportion of affected deployed Linux servers at ~90%.

If properly executed, this attack can lead to remote command execution and privilege escalation with relative ease. We fully recommend that updates and reboots are carried out ASAP.

You can read more about it at the following URLs:

https://access.redhat.com/security/cve/CVE-2015-0235
http://arstechnica.com/security/2015/01/highly-critical-ghost-allowing-code-execution-affects-most-linux-systems/
https://news.ycombinator.com/item?id=8953545
http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/

As usual, you’ll need to patch this yourself; here are some instructions on what you need to do.

Checking for the vulnerability

To check whether your Linux server is vulnerable to CVE-2015-0235, download (and review!) the following source code, then compile and run it using the commands below:

$ wget https://gist.githubusercontent.com/chrisfu/2bbb99c4261b5337215b/raw/de1730049198c64eaf8f8ab015a3c8b23b63fd34/gistfile1.c
$ gcc gistfile1.c -o ghost-check
$ ./ghost-check

If you see “not vulnerable”, you don’t need to take any further action. However, if you see the result “vulnerable”, you need to upgrade the affected packages and (preferably) reboot, or at least restart all of the affected system services.

Patching the vulnerability

If you’re using:
Debian Squeeze (6.0) or newer,
Ubuntu Lucid LTS (10.04) or newer,
CentOS 5.0 or newer,
or RHEL 5.0 or newer, you can upgrade and reboot/restart with the below commands.

If you’re using:
Debian Lenny (5.0) or lower,
Ubuntu Hardy LTS (8.04) or lower,
CentOS 4.0 or lower,
or RHEL 4.0 or lower, please upgrade your operating system.

If you’re using:
Ubuntu Trusty LTS (14.04) or newer, you don’t need to take any further action.

Debian/Ubuntu
### To upgrade
$ sudo apt-get clean && sudo apt-get update && sudo apt-get -y install libc6 libc-bin libc6-dev libc-dev-bin

### To reboot (recommended for maximum security)
$ sudo reboot

### To restart affected system services without a reboot, do the following as the root user
$ sudo apt-get -y install lsof
# servicelist=""; for problemservice in `lsof 2> /dev/null | grep libc | awk '{print $1}' | sort | uniq`; do for service in `ls /etc/init.d/* | awk -F "/etc/init.d/" '{print $2}'`; do if [ "$problemservice" == "$service" ]; then if [ -n "`service $problemservice status | grep running`" ]; then servicelist+=" $problemservice"; else echo "$problemservice found but service is not running"; fi; fi; done; done; count=`tr -dc ' ' <<<"$servicelist" | wc -c`; servicelist=`echo $servicelist | xargs`; echo -n "$count services have to be restarted ($servicelist): continue (y/N)? "; read continue; if [ "$continue" == "y" ]; then for service in $servicelist; do /etc/init.d/$service restart; done; else echo "Leaving without restarting services"; fi

RHEL/CentOS
### To upgrade
$ sudo yum clean all && sudo yum -y update glibc glibc-common

### To reboot (recommended for maximum security)
$ sudo reboot

### To restart affected system services without a reboot, do the following as the root user
$ yum -y install lsof
# servicelist=""; for problemservice in `lsof 2> /dev/null | grep libc | awk '{print $1}' | sort | uniq`; do for service in `ls /etc/init.d/* | awk -F "/etc/init.d/" '{print $2}'`; do if [ "$problemservice" == "$service" ]; then if [ -n "`service $problemservice status | grep running`" ]; then servicelist+=" $problemservice"; else echo "$problemservice found but service is not running"; fi; fi; done; done; count=`tr -dc ' ' <<<"$servicelist" | wc -c`; servicelist=`echo $servicelist | xargs`; echo -n "$count services have to be restarted ($servicelist): continue (y/N)? "; read continue; if [ "$continue" == "y" ]; then for service in $servicelist; do /etc/init.d/$service restart; done; else echo "Leaving without restarting services"; fi
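The one-liners in both the Debian/Ubuntu and RHEL/CentOS sections restart every init.d service that has any libc mapped, which after the upgrade is close to all of them. The script below is an added example (not from the original post or the linked gist) that narrows the list to processes still mapping the old, now-deleted libc, which lsof reports with FD "DEL" or a "(deleted)" suffix on the path. The lsof sample is constructed; the init.d layout and the use of "lsof -n" are assumptions.

```shell
#!/bin/sh
# Added example, not part of the original post. After "apt-get install libc6"
# or "yum update glibc", the patched library is a new file on disk; processes
# started before the upgrade still map the OLD copy, which is now deleted.
# lsof marks such mappings with FD "DEL" (older versions append "(deleted)"
# to the path), so filtering on that finds exactly the processes that still
# need a restart rather than every process that has libc mapped at all.

# Print the unique command names still mapping a deleted libc.
# $1: lsof output text (real use: stale_libc_procs "$(lsof -n 2>/dev/null)").
stale_libc_procs() {
  printf '%s\n' "$1" | awk '
    ($4 == "DEL" || $NF == "(deleted)") && $0 ~ /\/libc(-[0-9.]*\.so|\.so\.[0-9]+)/ { print $1 }
  ' | sort -u
}

# Keep only the names that correspond to an executable init script, i.e. the
# services you can restart with "/etc/init.d/<name> restart".
# $1: process names, one per line; $2: init.d directory (default /etc/init.d).
stale_services() {
  dir=${2:-/etc/init.d}
  printf '%s\n' "$1" | while IFS= read -r proc; do
    [ -n "$proc" ] && [ -x "$dir/$proc" ] && printf '%s\n' "$proc"
  done
}

# Constructed sample of lsof output (not captured from a real host): sshd and
# nginx still map the old libc, cron maps an unrelated deleted library, and
# bash was started after the upgrade so its libc mapping is current.
SAMPLE_LSOF='COMMAND   PID USER  FD   TYPE DEVICE SIZE/OFF    NODE NAME
sshd     1034 root  DEL  REG    8,1          131212 /lib/x86_64-linux-gnu/libc-2.19.so
sshd     1034 root  mem  REG    8,1   14424  131300 /lib/x86_64-linux-gnu/libpthread-2.19.so
nginx    1201 root  mem  REG    8,1 1738176  131212 /lib/x86_64-linux-gnu/libc-2.19.so (deleted)
cron     1100 root  DEL  REG    8,1          131401 /lib/x86_64-linux-gnu/libselinux.so.1
bash     2210 root  mem  REG    8,1 1738176  131500 /lib/x86_64-linux-gnu/libc-2.19.so'

stale_libc_procs "$SAMPLE_LSOF"   # prints: nginx, sshd (one per line)
```

Run it after the package upgrade and before deciding whether a full reboot is needed; an empty result means no running process still uses the old library.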

 

29th October Incident Update

The incident of 29th of October is now fully resolved and all services are performing as expected. A full investigation into the root cause has been completed with incident reports issued to all customers affected.

ServerLove would like to apologise again to all customers affected. Appropriate steps have already been taken to ensure that a recurrence of the same issue is not possible.

Maintenance Update 10:00 30/10

Following issues with the maintenance/upgrades carried out on 29th October, all core systems were brought back during the afternoon. This did not resolve all issues experienced by customers; however, we believe that all individual issues reported by customers during the day and overnight have now been resolved.

To cater for the possibility that some individual machines may still have isolated issues that have not been raised, we are still manually checking every VM to ensure that we can see it running as expected. If you have issues with a particular machine, please contact support@serverlove.com.

We will be compiling a full report to cover the following key points:

  • Why was this maintenance scheduled during normal working hours?
  • How/when were customers notified of the maintenance?
  • What went wrong?
  • What have we learnt that we will take on board for future maintenance?
  • How do we intend to attempt to make up for the inconvenience/ downtime suffered?

The report will be released before 17:00hrs on 31st October, at the latest, although we will be working to ensure that you have this information as soon as possible.

Please accept our apologies again.

ServerLove

Interim Maintenance Update – 15:45

Please accept our apologies for the issues suffered as a result of problems encountered during today’s maintenance window.

As things stand at 15:45hrs, we can see that the vast majority of customer machines are running as expected and a handful are not. We are looking into the machines that are showing errors as a matter of urgency.

If you have a machine that is down, we would like to confirm that it is already on the list of machines being looked at, or, if not, add it so that we can start looking at it immediately.

If you have a machine or machines that are still down, please get in touch with us by email at inbox@serverlove.com or by phone (0870 879 0000) with your ServerLove email address, the machine name and the IP address of the machine, so that we can take these details and ensure that it is something we are actively looking at.

Please accept our apologies again for the inconvenience.

ServerLove

ServerLove Maintenance Window – October 2014

ServerLove is changing. We’re investing in our platform, creating new features and bringing it up to date with a mind to further developments in the future. (Keep an eye on ServerLove.com or @loveyourservers for further announcements)

In order to do this we need to carry out some maintenance on the platform. With the exception of a required reboot of existing Cloud Servers, which will take place during the maintenance window, there should be no impact to service.

All ServerLove customers should have now received full details of the October maintenance window. Please get in touch if you’ve not received it.

 

Serverlove clinches knock-out win with Amir Khan

We’re excited to announce that Serverlove, our scalable cloud hosting service, is now being used by professional boxer and Olympic silver medallist Amir Khan for his new website!

Working with our friends Absolute Media in Bolton, we’re providing 24/7 scalable cloud hosting for Khan’s website, e-commerce and image licensing site.

Because Amir’s website traffic fluctuates around his fight schedule, Serverlove is a natural fit: it allows users to scale their servers up and down as required. This flexibility is a significant advantage and helps manage capacity for one-off situations, such as at launch when Amir tweeted his 1.1 million Twitter followers.

(For the geeks among you, we handled over 12.5 Mbit/second moments after Amir tweeted launching the site.)

We’re really pleased to be one of Team Khan’s partners. And, just like Amir Khan, we can keep handling the hits time after time. Through every round at every match, we’ll be in Team Khan’s corner supporting Amir with reliable server hosting 24/7.

Josh R, head of all the stuff @marsh80 won’t do @ Melbourne

A new, simpler way to upload your data to Serverlove

Good news, everyone! You can now upload your existing drives and data to Serverlove via FTP.

Serverlove is designed to let you upload and download your data, so that you can be as flexible as you want with migrating to our platform. Also, as you can run the operating system of your choice, you might want to upload an install or a disk image from another server.

If you’re happy with the command line, you can do this quite easily using our API. We even provide scripts for Linux and Mac OS X which Windows users can use with Cygwin.

If, however, you prefer a more drag-and-drop approach, you can now use our FTP server with your favourite FTP client to share data with your Serverlove account. Simply connect to:

ftp://ftp.z1-man.serverlove.com/

using your UUID as the username and your API key as the password (you can find both in your Account Profile). Any files uploaded here will be imported to your account as a disk, so make sure each one is formatted correctly.

Find out more at our uploading FAQ.

An even more secure Serverlove cloud :-)

When you choose to host with us, you’re trusting us with some of your most important information. So it’s important to know that your data is safe and secure. Whether it’s firewalls or physical security, we’ve got it covered.

Serverlove is part of Melbourne Server Hosting and is hosted in secure datacentres that are monitored around the clock. This also means we’ve been ISO 27001-certified – demonstrating our commitment to providing a high-quality and secure service to all our clients. We’re also BS 25999 compliant, demonstrating the measures we have in place to ensure we continue to provide support in the event of a major disruption, such as fire or flood!

Watch a video about the features of the datacentres that host Serverlove.

We’re also now providing an additional layer of security for your servers with the introduction of a firewall in the latest control panel update! Now, when you create or edit servers, you have the option of turning on the firewall and just allowing access to specific ports.

The firewall costs just £2 per month per server, so you can limit port access as needed for different applications. Read more about how it works in our Security FAQ.

To try it out, login to Serverlove now.

New control panel now live!

Sorry for the delay. The Serverlove control panel has been successfully upgraded! Login now to check out the new look and familiarise yourself with the new features.

We listened to your feedback and we’ve deployed a number of new and upgraded features. This means we’ve changed the way a few tasks are achieved within Serverlove.

Here’s a quick rundown of the main updates:

  1. You can now see a useful at-a-glance account summary when you login! This is great for checking up on your servers quickly.
  2. All your cloud servers are now managed under ‘Manage Cloud Servers’. Servers and Drives, Network Resources and Licenses can be added from this panel.
  3. Subscriptions have been replaced with licenses. You now no longer need a subscription for new static IP addresses or VLANs: you can simply add these to your account and they’ll be billed automatically from prepay balance. Conveniently, the servers to which your IP addresses are assigned show up next to the IPs!
  4. You can now set your own rDNS entries rather than having to raise a support ticket. This will make it quicker and easier for you to add any records you may need.
  5. We’ve implemented enhanced fraud protection, meaning that trials can be approved much quicker, along with a number of administration tools that will improve our ability to respond to your queries.
  6. We’ve also updated our Support section to be better structured, and we’ll be developing new guides to help you get started quicker and answer common queries. There are a number of new pre-installed cloud server templates in the works, like WordPress and Magento, so get in touch and let us know what server templates you want us to create!

Log in to the Serverlove control panel now: http://www.serverlove.com/login/

As ever, if we can help in any way, do get in touch by emailing us at support@serverlove.com or call on 0870 879 0000.

Josh @ Serverlove

Making it lovable – the new Serverlove control panel

I blogged recently about some of the new features of the upgraded Serverlove control panel. In that blog, I wrote that our overriding goal at Serverlove is to make “cloud servers you’ll love!”.

So one of the things we looked at very carefully when designing the upgraded control panel was the look-and-feel of the interface. The existing control panel is definitely functional in approach, which offers clarity and avoids clutter, meaning users can get to grips with it quickly without being distracted. However, we always felt we could offer something even more finely designed while retaining that clarity and functionality. We just wanted to make it that little bit more lovable to use.

So, working with our designers Gavin and front-end developer Phil, we’ve developed a beautiful new theme for the control panel user interface. We’re bringing the look and feel of the Serverlove website right into all areas of the control panel, with gorgeously put-together motifs helping you navigate through the different sections of the interface and space for just enough help text to enhance the ease of use.

We also know it’s not just how it looks, but what it says. Sometimes, in the rush to develop exciting new products, we don’t get to refine the way we say things as much as we’d like. This time, we’ve made an extra effort to make the written copy of Serverlove useful, informative and friendly.

But this upgrade is more than just a facelift. As I mentioned previously, we’re making static IPs and VLANs generally easier to use and you’ll be able to service your own rDNS entries too. Behind the scenes, we’ve tweaked our API to make it respond more like you’d expect.

We also hope to roll out updates to the control panel on a more frequent and ongoing basis. Many of these will be small things, but we’re also planning to deploy a whole set of new pre-installed server templates in the coming months, and we’re looking forward to hearing from you about what you’d like to see.

The upgrade is due to happen this Thursday between 10:00 am – 12:00 pm so login after midday and check it out for yourself!

 