Solved

“Ghost”, glibc vulnerability

Posted on 2015-01-29
5
207 Views
Last Modified: 2015-02-02
I am trying to find info regarding “Ghost”, glibc vulnerability in VMware esxi host.
Anyone up there dealing with it?
0
Comment
Question by:sara2000
  • 2
  • 2
5 Comments
 
LVL 120

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40577797
As of Jan 28th 2015, every appliance and ESXi host is vulnerable.

As soon as it's fixed, VMware will release patches, another patch hit the streets yesterday VMware vCenter Server 5.5 Update 2d (27 Jan 2015)

see here

https://substructurenetworks.wordpress.com/2015/01/28/how-to-determine-if-your-vmware-appliances-are-vulnerable-to-the-ghost-glibc-vulnerability/
0
 

Author Comment

by:sara2000
ID: 40577903
I do not see anything on VMware website unless I am wrong?
0
 
LVL 120
ID: 40577980
It's only just been discovered, give them time to evaluate and patch it!
0
 
LVL 62

Expert Comment

by:gheist
ID: 40578529
2d is patch for openssl holes and makes paranoid memory non-deduplication optional. There are couple of others, namely ones dealing with stability of vmscsi...
All suse and centos based solution (like admin appliance, vcenter appliance) machines are 100% vulnerable.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40584805
They now stated that they have vulnerable library shipped, though they dont use the vulnerable functions.
So no need to patch if you do not have 3rd party agents. If you have vendor modules installed - ask them... Without them you are safe.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this step by step tutorial with screenshots, we will show you HOW TO: Enable SSH Remote Access on a VMware vSphere Hypervisor 6.5 (ESXi 6.5). This is important if you need to enable SSH remote access for additional troubleshooting of the ESXi hos…
In this article, I will show you HOW TO: Suppress Configuration Issues and Warnings Alert displayed in Summary status for ESXi 6.5 after enabling SSH or ESXi Shell.
Teach the user how to install ESXi 5.5 and configure the management network System Requirements: ESXi Installation:  Management Network Configuration: Management Network Testing:
Teach the user how to join ESXi hosts to Active Directory domains Open vSphere Client: Join ESXi host to AD domain: Verify ESXi computer account in AD: Configure permissions for domain user in ESXi: Test domain user login to ESXi host:

740 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question