Netgate Discussion Forum

Is pfSense vulnerable to GHOST (CVE-2015-0235)

    oneup_shroom
    last edited by Jan 28, 2015, 3:18 PM

    Hey guys,

    Does anyone know if pfSense is vulnerable to "GHOST" (CVE-2015-0235), and if so, is there a patch out for it?

    Since pfSense is built off of FreeBSD, I am assuming it's not, because FreeBSD's forum has a post saying it's not vulnerable, but I'd still like to know just in case. (https://forums.freebsd.org/threads/is-freebsd-vulnerable-to-ghost.50166/)

    Thanks!

    oneup_shroom

    Articles:
    http://www.zdnet.com/article/critical-linux-security-hole-found/
    http://www.openwall.com/lists/oss-security/2015/01/27/9

      jc2it
      last edited by Jan 28, 2015, 5:24 PM

      Good question, I think you would need to know if glibc was used to compile anything. If so then you would want to know what and how it was called.

      I could probably figure this out in RH, but I don't know BSD enough yet to search the system. But let's see…

        jc2it
        last edited by Jan 28, 2015, 5:52 PM

        In Linux one can run the libc as a command like:

        #/lib/libc.so.6

        This will report the version information.

        The pfSense shell doesn't seem to work this way.

        BTW, in pfSense it seems to be /lib/libc.so.7

          jc2it
          last edited by Jan 28, 2015, 6:46 PM Jan 28, 2015, 6:42 PM

          From the pfSense shell:

          
          #ldd -v /lib/libc.so.7
          ldd: /lib/libc.so.7: this is an ELF program; use objdump to examine
          
          

          Sooo, after looking at the FreeBSD man page for objdump, I think this is what I want…

          
          #objdump -i /lib/libc.so.7
          BFD header file version 2.15 [FreeBSD] 2004-05-23
          elf32-i386-freebsd
           (header little endian, data little endian)
            i386
          elf32-i386
           (header little endian, data little endian)
            i386
          efi-app-ia32
           (header little endian, data little endian)
            i386
          srec
           (header endianness unknown, data endianness unknown)
            i386
          symbolsrec
           (header endianness unknown, data endianness unknown)
            i386
          tekhex
           (header endianness unknown, data endianness unknown)
            i386
          binary
           (header endianness unknown, data endianness unknown)
            i386
          ihex
           (header endianness unknown, data endianness unknown)
            i386
          
                         elf32-i386-freebsd elf32-i386 efi-app-ia32 srec symbolsrec
                    i386 elf32-i386-freebsd elf32-i386 efi-app-ia32 srec symbolsrec
          
                         tekhex binary ihex
                    i386 tekhex binary ihex
          
          

          Also…

          
          #find / -name libc.so*
          /lib/libc.so.7
          /var/dhcpd/lib/libc.so.7
          #ls -la /var/dhcpd/lib/libc*
          -r-xr-xr-x  1 dhcpd  _dhcp  1148004 Feb 22  2012 /var/dhcpd/lib/libc.so.7
          #objdump -i /var/dhcpd/lib/libc.so.7
          BFD header file version 2.15 [FreeBSD] 2004-05-23
          elf32-i386-freebsd
           (header little endian, data little endian)
            i386
          elf32-i386
           (header little endian, data little endian)
            i386
          efi-app-ia32
           (header little endian, data little endian)
            i386
          srec
           (header endianness unknown, data endianness unknown)
            i386
          symbolsrec
           (header endianness unknown, data endianness unknown)
            i386
          tekhex
           (header endianness unknown, data endianness unknown)
            i386
          binary
           (header endianness unknown, data endianness unknown)
            i386
          ihex
           (header endianness unknown, data endianness unknown)
            i386
          
                         elf32-i386-freebsd elf32-i386 efi-app-ia32 srec symbolsrec
                    i386 elf32-i386-freebsd elf32-i386 efi-app-ia32 srec symbolsrec
          
                         tekhex binary ihex
                    i386 tekhex binary ihex
          
          

          It doesn't look like glibc to me, but this is all new.  ;)

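The check attempted in the posts above, as an added example that is not part of the original thread: a portable sh script that scans a libc file for the glibc version banner and reports whether the upstream version falls in the range affected by CVE-2015-0235 (glibc 2.2 through 2.17). The function names and output tokens are hypothetical; distributions backport fixes, so an "in-range" result still needs a check of the vendor's patch level.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.

# Print the glibc release version embedded in file $1, or nothing if the
# file carries no glibc banner (as with FreeBSD's own libc).
glibc_version() {
    [ -r "$1" ] || return 0
    # Poor man's strings(1): turn every non-printable byte into a newline,
    # then look for the banner glibc embeds, e.g.
    #   "GNU C Library ... stable release version 2.17, by ..."
    LC_ALL=C tr -c '\040-\176' '\n' < "$1" |
        sed -n 's/.*GNU C Library.*release version \([0-9][0-9]*\.[0-9][0-9]*\).*/\1/p' |
        head -n 1
}

# Classify file $1 as: unreadable | not-glibc | glibc X.Y in-range |
# glibc X.Y out-of-range. "in-range" means upstream 2.2 through 2.17.
ghost_check() {
    [ -r "$1" ] || { echo "unreadable"; return 0; }
    ver=$(glibc_version "$1")
    if [ -z "$ver" ]; then
        echo "not-glibc"
        return 0
    fi
    major=${ver%%.*}
    minor=${ver#*.}
    if [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -le 17 ]; then
        echo "glibc $ver in-range"      # confirm the vendor's patch level
    else
        echo "glibc $ver out-of-range"
    fi
}

# Usage: sh ghost_check.sh /lib/libc.so.7 /var/dhcpd/lib/libc.so.7
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(ghost_check "$f")"
done
```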
            cmb
            last edited by Jan 29, 2015, 2:05 AM

            That's not relevant to FreeBSD. With its Linux emulation, it seems it is (or might be), but that isn't something we use nor include.
