I need to patch glibc for the Ghost vulnerability on a CentOS 3.9 server. Yes, I really wish I could get rid of that old distro, but unfortunately that is not possible due to an old legacy application that will not work with later versions.
I am looking for the least painful way to properly patch this server.
Perhaps the easiest would be to build and prep the source from the SRPM + manually edit this source and then build binaries.
So I grabbed the SRPM and built the source from it:
wget http://ift.tt/1yTe1gJ
rpm -ivh glibc-2.3.2-95.50.src.rpm
rpmbuild -bp /usr/src/redhat/SPECS/glibc.spec
But what exact file(s) need patching?
[glibc-2.3.2-200309260658]# find . -exec grep -l gethostbyname {} \;
This yields 60 files. I believe the method to patch is gethostbyname2 in:
./resolv/gethnamaddr.c
Is this correct?
Before I start editing this method manually to try to fix the buffer overflow issue, does anybody have before-and-after source of a properly patched glibc to guide me?
Aucun commentaire:
Enregistrer un commentaire