Ghost Vulnerability

All installation and configuration problems and questions

Moderators: gerski, enjay, williamconley, Op3r, Staydog, gardo, mflorell, MJCoate, mcargile, Kumba, Michael_N

Ghost Vulnerability

Postby dspaan » Thu Jan 29, 2015 11:36 am

Hi,

Does anyone have a simple instruction on how to patch this on a ViCibox server?

I tried this guide but it destroyed my server:
http://www.cyberciti.biz/faq/cve-2015-0 ... ent-535479

:(
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Ghost Vulnerability

Postby mcargile » Thu Jan 29, 2015 11:43 am

Which version of Vicibox?
Michael Cargile | Director of Engineering | ViciDialGroup | http://www.vicidial.com

The official source for VICIDIAL services and support. 1-888-894-VICI (8424)
mcargile
Site Admin
 
Posts: 617
Joined: Tue Jan 16, 2007 9:38 am

Re: Ghost Vulnerability

Postby mcargile » Thu Jan 29, 2015 11:59 am

http://support.novell.com/security/cve/ ... -0235.html

Vicibox 6 is not effected by GHOST as it is based off OpenSuSE 13.1
Michael Cargile | Director of Engineering | ViciDialGroup | http://www.vicidial.com

The official source for VICIDIAL services and support. 1-888-894-VICI (8424)
mcargile
Site Admin
 
Posts: 617
Joined: Tue Jan 16, 2007 9:38 am

Re: Ghost Vulnerability

Postby klept24 » Thu Jan 29, 2015 4:23 pm

Is Vicibox 5 is also affected?
klept24
 
Posts: 14
Joined: Wed Jan 14, 2015 11:25 am

Re: Ghost Vulnerability

Postby mcargile » Thu Jan 29, 2015 4:47 pm

Yes Vicibox 5 is vulnerable.

EDIT: And it is not likely to receive a patch as it is based off 12.3 OpenSuSE:
http://lists.opensuse.org/opensuse-secu ... 00005.html
Michael Cargile | Director of Engineering | ViciDialGroup | http://www.vicidial.com

The official source for VICIDIAL services and support. 1-888-894-VICI (8424)
mcargile
Site Admin
 
Posts: 617
Joined: Tue Jan 16, 2007 9:38 am

Re: Ghost Vulnerability

Postby klept24 » Thu Jan 29, 2015 5:09 pm

how im i supposed to fix this issue ? if there is no available patch. what is the best solution for this?
klept24
 
Posts: 14
Joined: Wed Jan 14, 2015 11:25 am

Re: Ghost Vulnerability

Postby dspaan » Thu Jan 29, 2015 7:29 pm

mcargile wrote:Which version of Vicibox?


ViciBox Redux v.3.1.15 release
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Ghost Vulnerability

Postby mav2287 » Thu Jan 29, 2015 7:30 pm

Is there any reason you can't upgrade the server to 13.1?
ViciBox5.x86_64-5.0.3.preload from .iso upgraded to 13.1 | VERSION: 2.10-444c BUILD: 150129-0828 | 1.8.32.2-vici | Dual Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel twin quad core 3Ghz Xeon chips | 32gb of RAM
mav2287
 
Posts: 256
Joined: Thu Oct 03, 2013 6:47 pm

Re: Ghost Vulnerability

Postby dspaan » Fri Jan 30, 2015 2:43 am

For me when i did zypper up it upgraded the server from 11.3 to 12.1 but the most basic components were broken after that, MySQL and Asterisk.

Image
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Ghost Vulnerability

Postby DomeDan » Fri Jan 30, 2015 6:37 am

I'm on 11.3 too, seams like a reinstall is what we need to do because the lifetime of 11.3 ended January 20th 2012 :lol:
and this vulnerability seams too serious to just rely on whitelist: http://www.pcworld.com/article/2876572/ ... tions.html
Qualys analysts developed a proof-of-concept exploit where they sent a specially crafted email to an Exim mail server running the vulnerable version of glibc and achieved a remote shell, giving them full control.

and do not try to update only glibc, it would probably break every program that rely on glibc
Vicidial Partner. Region: Sweden/Norway.
Does Vicidial installation, configuration, customization, add-ons, CRM implementation, support, upgrading, network-related, pentesting etc. Remote and onsite assistance.
Email: domedan (at) gmail.com
DomeDan
 
Posts: 1226
Joined: Tue Jan 04, 2011 9:17 am
Location: Sweden

Re: Ghost Vulnerability

Postby dspaan » Fri Jan 30, 2015 8:15 am

But if port 25 is closed how would a malicious e-mail ever reach a vicidial server?
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Ghost Vulnerability

Postby DomeDan » Fri Jan 30, 2015 8:31 am

an email is probably just one of the ways to exploit this, I guess gethostbyname is used by a few other programs in a gnu/linux system
Vicidial Partner. Region: Sweden/Norway.
Does Vicidial installation, configuration, customization, add-ons, CRM implementation, support, upgrading, network-related, pentesting etc. Remote and onsite assistance.
Email: domedan (at) gmail.com
DomeDan
 
Posts: 1226
Joined: Tue Jan 04, 2011 9:17 am
Location: Sweden

Re: Ghost Vulnerability

Postby mcargile » Fri Jan 30, 2015 9:00 am

Ghost effects any program that does a DNS look up including bash, SSH, apache, asterisk, mysql, and many many many others. An upgrade is advised.
Michael Cargile | Director of Engineering | ViciDialGroup | http://www.vicidial.com

The official source for VICIDIAL services and support. 1-888-894-VICI (8424)
mcargile
Site Admin
 
Posts: 617
Joined: Tue Jan 16, 2007 9:38 am

Re: Ghost Vulnerability

Postby dspaan » Fri Jan 30, 2015 9:42 am

Damn, how to upgrade an old vicibox full of customizations...
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Ghost Vulnerability

Postby mav2287 » Fri Jan 30, 2015 4:04 pm

Copy all your directories and restore them. I just had to do this a while back, totally sucks. I used SCP -r to get all the directories and then used it to restore them all
ViciBox5.x86_64-5.0.3.preload from .iso upgraded to 13.1 | VERSION: 2.10-444c BUILD: 150129-0828 | 1.8.32.2-vici | Dual Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel twin quad core 3Ghz Xeon chips | 32gb of RAM
mav2287
 
Posts: 256
Joined: Thu Oct 03, 2013 6:47 pm

Re: Ghost Vulnerability

Postby mcargile » Fri Jan 30, 2015 4:34 pm

You can also use the Vicidial back up utility:

TestDialer:~# /usr/share/astguiclient/ADMIN_backup.pl --help
allowed run time options:
[--db-only] = only backup the database
[--db-without-logs] = do not backup the log tables in the database
[--conf-only] = only backup the asterisk conf files
[--without-db] = do not backup the database
[--without-conf] = do not backup the conf files
[--without-web] = do not backup web files
[--without-sounds] = do not backup asterisk sounds
[--without-voicemail] = do not backup asterisk voicemail
[--without-crontab] = do not backup crontab
[--ftp-transfer] = Transfer backup to FTP server
[--debugX] = super debug
[--debug] = debug
[--test] = test

Matt pretty much wrote it to back up a Vicidial system with customizations and restore it.
Michael Cargile | Director of Engineering | ViciDialGroup | http://www.vicidial.com

The official source for VICIDIAL services and support. 1-888-894-VICI (8424)
mcargile
Site Admin
 
Posts: 617
Joined: Tue Jan 16, 2007 9:38 am

Re: Ghost Vulnerability

Postby dspaan » Fri Jan 30, 2015 5:25 pm

Yes i do use the the vicidial backup utility to backup all my servers and ftp the backups nightly but it's still a pain to move over a server or in this case upgrade it. Something always breaks.
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Ghost Vulnerability

Postby mav2287 » Sun Feb 01, 2015 8:34 am

Did anyone ever write a restore utility though? That part is a pain
ViciBox5.x86_64-5.0.3.preload from .iso upgraded to 13.1 | VERSION: 2.10-444c BUILD: 150129-0828 | 1.8.32.2-vici | Dual Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel twin quad core 3Ghz Xeon chips | 32gb of RAM
mav2287
 
Posts: 256
Joined: Thu Oct 03, 2013 6:47 pm

Re: Ghost Vulnerability

Postby mflorell » Sun Feb 01, 2015 4:10 pm

There are a lot of different ways of restoring, and if you are in a cluster you only want to do a partial restore, so we usually try to keep that a manual process.

Here's a sample restore that we go over in our Administrator training classes:

Backup Process:
- /usr/share/astguiclient/ADMIN_backup.pl --help (to see options)
- /usr/share/astguiclient/ADMIN_backup.pl --without-web -–debugX

Restore Process:
- ls -lat /var/log/astguiclient/archive/
- cd /var/log/astguiclient/archive/
- tar xvfz 192.168.198.5_ALL_0.tar.gz
- cd var/log/astguiclient/archive/
- mv 192.168.198.5* /
- cd /
- ls -lat
- tar xvf 192.168.198.5_VOICEMAIL_0.tar
- tar xvf 192.168.198.5_CONF_0.tar
- tar xvf 192.168.198.5_BIN_0.tar
- tar xvf 192.168.198.5_LINUX_0.tar
- tar xvf 192.168.198.5_SOUNDS_0.tar
- (check for other tar files if you used other backup options)
- gunzip 192.168.198.5asterisk0.gz
- mysql asterisk
- \. 192.168.198.3asterisk0
- quit
mflorell
Site Admin
 
Posts: 18387
Joined: Wed Jun 07, 2006 2:45 pm
Location: Florida

Re: Ghost Vulnerability

Postby Workflow » Mon Feb 02, 2015 11:52 am

Hi Matt,

Thanks for the restore procedure!

Anyone tried to move data over from production to new server yet?
Workflow
 
Posts: 2
Joined: Mon Feb 02, 2015 11:46 am

Re: Ghost Vulnerability

Postby dspaan » Mon Feb 02, 2015 4:32 pm

Yes i did it a few times. But it's a different procedure if you restore it to the same server or to a different one with another IP address.

One thing i'm not sure about is if you extract tar files from an old vicibox 3 server to a fresh installed vicibox 6 server if it will work right away. For instance if you install the new server do you have to do the vicidial express or vicidial-install command yes or no? I always do it (never tried without that step) and if you do you have to take care you install asterisk 1.4 (i think?) and not asterisk 1.8 or your restore won't work. We also had problems with MySQL when restoring because it was a different version. My colleague had to do a lot of troubleshooting, it wasn't as simple as the steps above but maybe we also messed up along the way.

It depends on your starting situation and where you want to end up.

One more useful thing. If you want to move over your backup files from an old server to a new server i use this command to copy over the files"

nohup scp -rpC /var/log/astguiclient/archive/yourbackupfile_ALL_4.tar.gz root@yourserverip:/

Do this for each of the backup files and they will be copied to the root of the other server.

For copying over recordings you can't use the above command if there are many files, you'll get the error ' too many arguments' . I then install a program called Unison and use this command:

cd /var/spool/asterisk/monitorDONE
unison MP3 ssh://yourserverip//var/spool/asterisk/monitorDONE/MP3

To get mysql to work after moving stuff over you can try the mysql_upgrade command
You will have to use the server update ip script, server rebuild conf files, check if NTP is configured properly, update the server ip address in the server admin page, update audio store server and finally update your DNS records to point to your new server.
Regards, Dennis

Vicibox 9.0.1
Version: 2.14b0.5
SVN Version: 3199
DB Schema Version: 1588
Build: 200310-1801
dspaan
 
Posts: 1377
Joined: Fri Aug 21, 2009 1:40 pm
Location: The Netherlands

Re: Ghost Vulnerability

Postby mav2287 » Mon Feb 02, 2015 4:57 pm

I know this a bit off from what the last few post have been about, but I did an upgrade on a server to 13.1 this weekend. I made a backup of everything just in case before I started, but didn't need it. I had thought about going in and just using the vicibox 6 install and restoring, but I decided to try to upgrade first as it looked easier. If you go to the opensuse webpage and follow the upgrade instructions it isn't too bad. One thing worth noting though is that if you have the same experience I did you will need to re-install a few things afterwards. I had to reinstall most of the cpan modules, dahdi and asterisk perl.(that took my like 5min not a big deal at all)
ViciBox5.x86_64-5.0.3.preload from .iso upgraded to 13.1 | VERSION: 2.10-444c BUILD: 150129-0828 | 1.8.32.2-vici | Dual Server | No Digium/Sangoma Hardware | No Extra Software After Installation | Intel twin quad core 3Ghz Xeon chips | 32gb of RAM
mav2287
 
Posts: 256
Joined: Thu Oct 03, 2013 6:47 pm

Re: Ghost Vulnerability

Postby Workflow » Tue Feb 03, 2015 4:18 am

Hi Mav,

I've tried to upgrade from 12.1 and it was a complete mess :( Didn't work one bit, with my experiences, I'm not going to re-produce that on a production server.

Dspaan,

Thanks for the information here, I've taken a backup (all) using the ADMIN_backup.pl as matt said (Vicibox 4! Opensuse 12.1) and I've installed Vicibox 5.0.3 (Opensuse 12.3) with the same SVN version to see if this works, if so I might attempt to go up to V6.0.3. However, you can obtain the glibc patches on 12.3!

Will update this post anyway!
Workflow
 
Posts: 2
Joined: Mon Feb 02, 2015 11:46 am


Return to Support

Who is online

Users browsing this forum: No registered users and 81 guests