    Is pfSense vulnerable to GHOST (CVE-2015-0235)

    • O
      oneup_shroom last edited by

      Hey guys,

      Does anyone know if pfSense is vulnerable to "GHOST" (CVE-2015-0235), and if so, is there a patch out for it?

      Since pfSense is built off of FreeBSD I am assuming it's not, because FreeBSD's forum has a post saying it's not vulnerable, but I'd still like to know just in case. (https://forums.freebsd.org/threads/is-freebsd-vulnerable-to-ghost.50166/)

      Thanks!

      oneup_shroom

      Articles:
      http://www.zdnet.com/article/critical-linux-security-hole-found/
      http://www.openwall.com/lists/oss-security/2015/01/27/9

      • J
        jc2it last edited by

        Good question, I think you would need to know if glibc was used to compile anything. If so then you would want to know what and how it was called.

        I could probably figure this out in RH, but I don't know BSD enough yet to search the system. But let's see…

        • J
          jc2it last edited by

          In Linux one can run the libc as a command like:

          #/lib/libc.so.6

          This will report the version information.

          The pfSense shell doesn't seem to work this way.

          BTW, in pfSense it seems to be /lib/libc.so.7

          • J
            jc2it last edited by

            From the pfSense shell:

            
            #ldd -v /lib/libc.so.7
            ldd: /lib/libc.so.7: this is an ELF program; use objdump to examine
            
            

            Sooo after looking at the FreeBSD man page for objdump, I think this is what I want…

            
            #objdump -i /lib/libc.so.7
            BFD header file version 2.15 [FreeBSD] 2004-05-23
            elf32-i386-freebsd
             (header little endian, data little endian)
              i386
            elf32-i386
             (header little endian, data little endian)
              i386
            efi-app-ia32
             (header little endian, data little endian)
              i386
            srec
             (header endianness unknown, data endianness unknown)
              i386
            symbolsrec
             (header endianness unknown, data endianness unknown)
              i386
            tekhex
             (header endianness unknown, data endianness unknown)
              i386
            binary
             (header endianness unknown, data endianness unknown)
              i386
            ihex
             (header endianness unknown, data endianness unknown)
              i386
            
                           elf32-i386-freebsd elf32-i386 efi-app-ia32 srec symbolsrec
                      i386 elf32-i386-freebsd elf32-i386 efi-app-ia32 srec symbolsrec
            
                           tekhex binary ihex
                      i386 tekhex binary ihex
            
            

            Also…

            
            #find / -name libc.so*
            /lib/libc.so.7
            /var/dhcpd/lib/libc.so.7
            #ls -la /var/dhcpd/lib/libc*
            -r-xr-xr-x  1 dhcpd  _dhcp  1148004 Feb 22  2012 /var/dhcpd/lib/libc.so.7
            #objdump -i /var/dhcpd/lib/libc.so.7
            BFD header file version 2.15 [FreeBSD] 2004-05-23
            elf32-i386-freebsd
             (header little endian, data little endian)
              i386
            elf32-i386
             (header little endian, data little endian)
              i386
            efi-app-ia32
             (header little endian, data little endian)
              i386
            srec
             (header endianness unknown, data endianness unknown)
              i386
            symbolsrec
             (header endianness unknown, data endianness unknown)
              i386
            tekhex
             (header endianness unknown, data endianness unknown)
              i386
            binary
             (header endianness unknown, data endianness unknown)
              i386
            ihex
             (header endianness unknown, data endianness unknown)
              i386
            
                           elf32-i386-freebsd elf32-i386 efi-app-ia32 srec symbolsrec
                      i386 elf32-i386-freebsd elf32-i386 efi-app-ia32 srec symbolsrec
            
                           tekhex binary ihex
                      i386 tekhex binary ihex
            
            

            It doesn't look like glibc to me, but this is all new.  ;)

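One way to answer the question jc2it was working toward, whether a given libc file is glibc, is to look for glibc's own markers inside the file, since `objdump -i` only lists the formats objdump supports. This is an added example, not code from the thread; `libc_flavor` and `make_samples` are hypothetical names, the sample files are constructed, and the string match is a heuristic that assumes a grep with `-a` and `-o`.

```shell
#!/bin/sh
# Added example (not from the thread): classify a libc shared object by the
# strings embedded in it. Heuristic only; assumes grep supports -a and -o.

libc_flavor() {
    f=$1
    if [ ! -r "$f" ]; then
        echo "unreadable"
        return 2
    fi
    # glibc carries a banner such as
    # "GNU C Library (GNU libc) stable release version 2.17, by ..."
    banner=$(LC_ALL=C grep -a -o 'GNU C Library[^,]*version [0-9][0-9.]*' "$f" | head -n 1)
    if [ -n "$banner" ]; then
        echo "glibc ${banner##* }"      # keep only the trailing version number
        return 0
    fi
    # No banner found: GLIBC_x.y symbol-version tags still identify glibc.
    if LC_ALL=C grep -a -q 'GLIBC_[0-9]' "$f"; then
        echo "glibc unknown-version"
        return 0
    fi
    echo "not-glibc"
    return 1
}

# Constructed sample files (not real libraries) for an offline self-check.
make_samples() {
    dir=$1
    printf 'ELF\nGNU C Library (GNU libc) stable release version 2.17, by Roland McGrath et al.\n' > "$dir/with_banner"
    printf 'ELF\nGLIBC_2.2.5\n' > "$dir/tags_only"
    printf 'ELF\nconstructed bytes with no glibc markers\n' > "$dir/other"
}

# Classify every path given on the command line, e.g. /lib/libc.so.7
for lib in "$@"; do
    printf '%s: %s\n' "$lib" "$(libc_flavor "$lib")"
done
```

Run against both copies found in the thread (`/lib/libc.so.7` and `/var/dhcpd/lib/libc.so.7`) so that a chroot copy of the library is checked as well as the system one.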
            • C
              cmb last edited by

              That's not relevant to FreeBSD. With its Linux emulation, it seems it is (or might be), but that isn't something we use nor include.
