GHOST (CVE-2015-0235) - Critical glibc Vulnerability in Linux

Article ID: UFS0011 The GHOST vulnerability in Linux operating systems can allow a remote attacker to execute arbitrary code

Symptom

GHOST (CVE-2015-0235) vulnerability which may be invoked directly or indirectly on computers with a Linux operating system, allows a remote attacker to make an application call to execute arbitrary code.

Cause

GHOST (CVE-2015-0235) vulnerability is a 'buffer overflow' bug affecting the glibc library functions gethostbyname() and gethostbyname2(). This vulnerability allows a remote attacker to use either of these functions to execute arbitrary code with the permissions of the user running the application. Any application performing DNS resolution using these two function calls in the glibc library is affected

Resolution

All customers are urged to immediately take the following steps for any computers running Linux:

  1. Contact the Linux vendor for the latest version of glibc, and update glibc on all Linux computers.
  2. After updating, restart the computer.
  3. Restart Commvault Services.

Additionally, for virtual environments with File Recovery Enabler for Linux installed, we recommend you do either of the following:

  1. Update File Recovery Enabler for Linux by running “yum update” on a root shell,
  2. Restart the virtual machine
  3. Restart Commvault Services. 

To install a new File Recovery Enabler for Linux, download the patched version,
FBRTemplate64.ova - File Recovery Enabler for Linux (FRE) with SP9 (patched for GHOST & NTP vulnerabilities) from the Cloud Services site or from Maintenance Advantage. (For detailed instructions, see Deploying the File Recovery Enabler.)

For more information about accessing the Cloud Services website, see Software Store.

For more information on this vulnerability and vendor instructions see:

Redhat bug advisory :  https://access.redhat.com/articles/1332213

SLES bug advisory : https://www.novell.com/support/kb/doc.php?id=7016113

How to fix the problem on various linux distros : https://www.digitalocean.com/community/tutorials/how-to-protect-your-linux-server-against-the-ghost-vulnerability