RESOLVED This article will receive no further updates at this time.
On 27 January 2015, Qualys announced a vulnerability in all versions of the GNU C library (glibc). The issue is a buffer overflow during DNS hostname resolution. Disclosure was coordinated with the various operating system vendors, and Red Hat made patches available soon after the initial announcement went out.
According to Qualys, this vulnerability allows unauthenticated remote code execution in any daemon or service that performs hostname lookups using the vulnerable functions in the GNU C library. This library is at the core of most services and software that run on Linux systems.
Qualys developed working attacks for the Exim mail transport agent that all cPanel & WHM systems use. Qualys also created a Metasploit module to make testing or exploitation of the vulnerability straightforward for an attacker. At present, Qualys has not released any attack code, only detailed analysis of the flaw and its impact.
How to determine if your server is affected
The updated RPMs provided by Red Hat, CentOS, and CloudLinux should contain a changelog entry with the CVE number. You can check for this changelog entry with the following command:
If a changelog line is displayed, the server has the updated RPMs installed.
cPanel does not provide the glibc RPM. It is provided by the vendor of the operating system where cPanel & WHM is installed.
To fix this issue, run the following commands:
Verify again that the new glibc RPM was installed:
Then reboot the server or manually restart all running services. RHEL-based systems do not restart running daemons when glibc is updated, so a reboot or a restart of all services is needed.
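One way to confirm that no daemon is still running on the old library after the update, as an added example that is not part of the original article or cPanel's own tooling. It assumes a Linux /proc filesystem; the function names are hypothetical and the sample maps lines are constructed.

```shell
#!/bin/sh
# Added example: find processes that still map a libc file that was replaced
# on disk, i.e. daemons started before the glibc update and not yet restarted.

# A replaced library appears in /proc/PID/maps with a " (deleted)" suffix.
# Matches libc-2.12.so, libc.so.6 and names carrying a suffix after ".so",
# but not libcrypto, libcap or libc-client.
STALE_LIBC_RE='/libc(-[0-9.]+)?\.so[^/]*\(deleted\)$'

# maps_has_stale_libc FILE: true if FILE (a maps listing) has such a line.
maps_has_stale_libc() {
    grep -Eqs "$STALE_LIBC_RE" "$1"
}

# stale_libc_procs [PROC_ROOT]: print "PID NAME" for each affected process.
# PROC_ROOT defaults to /proc; the parameter exists so the scan can also be
# run against a constructed directory tree.
stale_libc_procs() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -d "$dir" ] || continue
        if maps_has_stale_libc "$dir/maps"; then
            name=$(cat "$dir/comm" 2>/dev/null) || name='?'
            printf '%s %s\n' "${dir##*/}" "${name:-?}"
        fi
    done
    return 0
}

# make_sample_proc DIR: constructed sample data, not taken from a real host.
# PID 101 still maps the old libc; PID 202 was started after the update.
make_sample_proc() {
    mkdir -p "$1/101" "$1/202"
    echo exim > "$1/101/comm"
    echo sshd > "$1/202/comm"
    cat > "$1/101/maps" <<'EOF'
00400000-004f3000 r-xp 00000000 fd:01 2101 /usr/sbin/exim
7f1c2a400000-7f1c2a58a000 r-xp 00000000 fd:01 1310 /lib64/libc-2.12.so (deleted)
EOF
    cat > "$1/202/maps" <<'EOF'
7f8e51200000-7f8e5138a000 r-xp 00000000 fd:01 1477 /lib64/libc-2.12.so
7f8e51a00000-7f8e51bb6000 r-xp 00000000 fd:01 1502 /usr/lib64/libcrypto.so.1.0.1e (deleted)
EOF
}

# Run as root on the live system so every process's maps file is readable.
stale_libc_procs /proc
```

Any process it lists was started before the update and needs a restart; empty output after the reboot or service restarts means nothing is still holding the old library.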