10 Replies Latest reply on Feb 3, 2015 7:49 PM by richard mcleod

    Auditing for GHOST Vulnerability

    Robert Stinnett

      (Kind of surprised I haven't seen anyone talking about this yet...)


      We need to run an audit job to see if we are vulnerable for GHOST.  I thought I had it down pat since we were going to audit to make sure all our servers were on a certain version of glibc.  I simply went to a server, drilled into the RPMs, and picked the glibc RPM for 64-bit with the version I needed and ran the audit.


      Problem is some servers have both the 32-bit and 64-bit installed, and it wants to check architecture as well.  If it pulls the 32-bit first, it fails.  I can see no way to turn off architecture check.


      Any advice or how are other people addressing this vulnerability?