Solved

“Ghost”, glibc vulnerability

Posted on 2015-01-29
5
218 Views
Last Modified: 2015-02-02
I am trying to find info regarding “Ghost”, glibc vulnerability in VMware esxi host.
Anyone up there dealing with it?
0
Comment
Question by:sara2000
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
  • 2
5 Comments
 
LVL 121

Accepted Solution

by:
Andrew Hancock (VMware vExpert / EE MVE^2) earned 500 total points
ID: 40577797
As of Jan 28th 2015, every appliance and ESXi host is vulnerable.

As soon as it's fixed, VMware will release patches, another patch hit the streets yesterday VMware vCenter Server 5.5 Update 2d (27 Jan 2015)

see here

https://substructurenetworks.wordpress.com/2015/01/28/how-to-determine-if-your-vmware-appliances-are-vulnerable-to-the-ghost-glibc-vulnerability/
0
 

Author Comment

by:sara2000
ID: 40577903
I do not see anything on VMware website unless I am wrong?
0
 
LVL 121
ID: 40577980
It's only just been discovered, give them time to evaluate and patch it!
0
 
LVL 62

Expert Comment

by:gheist
ID: 40578529
2d is patch for openssl holes and makes paranoid memory non-deduplication optional. There are couple of others, namely ones dealing with stability of vmscsi...
All suse and centos based solution (like admin appliance, vcenter appliance) machines are 100% vulnerable.
0
 
LVL 62

Expert Comment

by:gheist
ID: 40584805
They now stated that they have vulnerable library shipped, though they dont use the vulnerable functions.
So no need to patch if you do not have 3rd party agents. If you have vendor modules installed - ask them... Without them you are safe.
0

Featured Post

Simplifying Server Workload Migrations

This use case outlines the migration challenges that organizations face and how the Acronis AnyData Engine supports physical-to-physical (P2P), physical-to-virtual (P2V), virtual to physical (V2P), and cross-virtual (V2V) migration scenarios to address these challenges.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article will show you how to create an ISO CD-ROM/DVD-ROM image (*.iso), and MD5 checksum signature, for use with VMware vSphere Hypervisor 6.5 (ESXi 6.5). It's a good idea to compare checksums, because many installations fail because of a corr…
Giving access to ESXi shell console is always an issue for IT departments to other Teams, or Projects. We need to find a way so that teams can use ESXTOP for their POCs, or tests without giving them the access to ESXi host shell console with a root …
Teach the user how to install log collectors and how to configure ESXi 5.5 for remote logging Open console session and mount vCenter Server installer: Install vSphere Core Dump Collector: Install vSphere Syslog Collector: Open vSphere Client: Config…
This Micro Tutorial steps you through the configuration steps to configure your ESXi host Management Network settings and test the management network, ensure the host is recognized by the DNS Server, configure a new password, and the troubleshooting…
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question