Solved

“Ghost”, glibc vulnerability

Posted on 2015-01-29
5
206 Views
Last Modified: 2015-02-02
I am trying to find info regarding “Ghost”, glibc vulnerability in VMware esxi host.
Anyone up there dealing with it?
0
Comment
Question by:sara2000
  • 2
  • 2
5 Comments
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40577797
As of Jan 28th 2015, every appliance and ESXi host is vulnerable.

As soon as it's fixed, VMware will release patches, another patch hit the streets yesterday VMware vCenter Server 5.5 Update 2d (27 Jan 2015)

see here

https://substructurenetworks.wordpress.com/2015/01/28/how-to-determine-if-your-vmware-appliances-are-vulnerable-to-the-ghost-glibc-vulnerability/
0
 

Author Comment

by:sara2000
ID: 40577903
I do not see anything on VMware website unless I am wrong?
0
 
LVL 119
ID: 40577980
It's only just been discovered, give them time to evaluate and patch it!
0
 
LVL 62

Expert Comment

by:gheist
ID: 40578529
2d is patch for openssl holes and makes paranoid memory non-deduplication optional. There are couple of others, namely ones dealing with stability of vmscsi...
All suse and centos based solution (like admin appliance, vcenter appliance) machines are 100% vulnerable.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40584805
They now stated that they have vulnerable library shipped, though they dont use the vulnerable functions.
So no need to patch if you do not have 3rd party agents. If you have vendor modules installed - ask them... Without them you are safe.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Last article we focus in how to VMware: How to create and use VMs TAGs – Part 1 so before follow this article and perform the next tasks, you should read the first article how to create the TAG before using them in Veeam Backup Jobs.
In this article we will learn how to backup a VMware farm using Nakivo Backup & Replication. In this tutorial we will install the software on a Windows 2012 R2 Server.
Teach the user how to join ESXi hosts to Active Directory domains Open vSphere Client: Join ESXi host to AD domain: Verify ESXi computer account in AD: Configure permissions for domain user in ESXi: Test domain user login to ESXi host:
This tutorial will walk an individual through the steps necessary to enable the VMware\Hyper-V licensed feature of Backup Exec 2012. In addition, how to add a VMware server and configure a backup job. The first step is to acquire the necessary licen…

827 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question