Solved

“Ghost”, glibc vulnerability

Posted on 2015-01-29
5
204 Views
Last Modified: 2015-02-02
I am trying to find info regarding “Ghost”, glibc vulnerability in VMware esxi host.
Anyone up there dealing with it?
0
Comment
Question by:sara2000
  • 2
  • 2
5 Comments
 
LVL 119

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40577797
As of Jan 28th 2015, every appliance and ESXi host is vulnerable.

As soon as it's fixed, VMware will release patches, another patch hit the streets yesterday VMware vCenter Server 5.5 Update 2d (27 Jan 2015)

see here

https://substructurenetworks.wordpress.com/2015/01/28/how-to-determine-if-your-vmware-appliances-are-vulnerable-to-the-ghost-glibc-vulnerability/
0
 

Author Comment

by:sara2000
ID: 40577903
I do not see anything on VMware website unless I am wrong?
0
 
LVL 119
ID: 40577980
It's only just been discovered, give them time to evaluate and patch it!
0
 
LVL 62

Expert Comment

by:gheist
ID: 40578529
2d is patch for openssl holes and makes paranoid memory non-deduplication optional. There are couple of others, namely ones dealing with stability of vmscsi...
All suse and centos based solution (like admin appliance, vcenter appliance) machines are 100% vulnerable.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40584805
They now stated that they have vulnerable library shipped, though they dont use the vulnerable functions.
So no need to patch if you do not have 3rd party agents. If you have vendor modules installed - ask them... Without them you are safe.
0

Featured Post

Netscaler Common Configuration How To guides

If you use NetScaler you will want to see these guides. The NetScaler How To Guides show administrators how to get NetScaler up and configured by providing instructions for common scenarios and some not so common ones.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Exchange server is not supported in any cloud-hosted platform (other than Azure with Azure Premium Storage).
In this article, I will show you HOW TO: Perform a Physical to Virtual (P2V) Conversion the easy way from a computer backup (image).
Teach the user how to install vSphere Update Manager  Console to Windows system:  Install vSphere Update Manager: Configure vSphere Update Manager plug-in in vSphere Client: Verify vSphere Update Manager settings in vSphere Client:
Advanced tutorial on how to run the esxtop command to capture a batch file in csv format in order to export the file and use it for performance analysis. He demonstrates how to download the file using a vSphere web client (or vSphere client) and exp…

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question