Ghost vulnerability
Marc Aymerich
glicerinu at gmail.com
Tue Feb 3 12:47:02 EST 2015
On Tue, Feb 3, 2015 at 4:53 AM, Rustom Mody <rustompmody at gmail.com> wrote:
> How many people (actually machines) out here are vulnerable?
>
>
> http://security.stackexchange.com/questions/80210/ghost-bug-is-there-a-simple-way-to-test-if-my-system-is-secure
>
> shows a python 1-liner to check
> --
> https://mail.python.org/mailman/listinfo/python-list
>
Not very reliable in my experience,
this python test does segfault on my *patched* Debian machine
root at web:~# python -c 'import socket;y="0"*50000000;socket.gethostbyname(y)'
Segmentation fault
However, the other test proposed on stackechange correctly reports that I'm
not vulnerable ;)
root at web:/tmp# wget
https://webshare.uchicago.edu/orgs/ITServices/itsec/Downloads/GHOST.c
root at web:/tmp# gcc GHOST.c -o GHOST
root at web:/tmp# ./GHOST
not vulnerable
--
Marc
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/python-list/attachments/20150203/64e43209/attachment.html>
More information about the Python-list
mailing list