NetIQ Access Gateway Appliance version 3.2.3 and 4.0.1 CVE-2015-0235 vulnerability

  • 7016115
  • 29-Jan-2015
  • 20-Feb-2015

Environment


NetIQ Access Manager
NetIQ Access Gateway Appliance 3.2
NetIQ Access Gateway Appliance 3.2 Support Pack 3
NetIQ Access Gateway Appliance 4.0
NetIQ Access Gateway Appliance 4.0 Support Pack 1
NetIQ Access Gateway Appliance 4.0 Support Pack 1 Hotfix 3

Situation

  • This problem nicknamed "GHOST" affects the NetIQ Access Gateway Appliance 3.2 and 4.0 which have not been patched using the update channel after the 29th of January 2015.

  • Note: Any operating system related security updates and patches are delivered by the configured update channels using the "zypper" tool. If you followed the instrcutions on "Installing or Updating Security Patches for the Access Gateway Appliance" in the Access Manager Installation or Migration and Update Guide documentation.You can review the current configured update channels running: "zypper lr"
    For the Access Gateway Appliance:

    Version 3.2 this looks like:

    # | Alias                                 | Name                                  | Enabled | Refresh
    --+---------------------------------------+---------------------------------------+---------+--------
    1 | NetIQAccessGatewayAppliance-3.2.0-327 | NetIQAccessGatewayAppliance-3.2.0-327 | Yes     | Yes   
    2 | nu_novell_com:NAM32-APP-Updates       | NAM32-APP-Updates                     | Yes     | Yes


    Version 4.0 this looks like:

    # | Alias                                | Name                                 | Enabled | Refresh
    --+--------------------------------------+--------------------------------------+---------+--------
    1 | NetIQAccessGatewayAppliance-4.0.1-88 | NetIQAccessGatewayAppliance-4.0.1-88 | Yes     | No    
    2 | nu_novell_com:NAM40-APP-Updates      | NAM40-APP-Updates                    | Yes     | Yes   



  • The current glibc version on the NetIQ Access Gateway Appliance for systems which have not been patched after the above mentioned date the are:

    • 4.0.1 is: "glibc-2.11.3-17.72.14"
    • 3.2.3 is: "glibc-2.11.1-0.38.1"

Resolution

  • the required patches have been added to the update channel at  the  29th of January 2015

  • NAM appliance channel has been refreshed for 4.0 and 3.2.3 line with below updates:
    x86_64/glibc-2.11.3-17.74.13.x86_64.rpm
    x86_64/glibc-32bit-2.11.3-17.74.13.x86_64.rpm
    x86_64/glibc-devel-2.11.3-17.74.13.x86_64.rpm
    x86_64/glibc-devel-32bit-2.11.3-17.74.13.x86_64.rpm
    x86_64/glibc-html-2.11.3-17.74.13.x86_64.rpm
    x86_64/glibc-i18ndata-2.11.3-17.74.13.x86_64.rpm
    x86_64/glibc-info-2.11.3-17.74.13.x86_64.rpm
    x86_64/glibc-locale-2.11.3-17.74.13.x86_64.rpm
    x86_64/glibc-locale-32bit-2.11.3-17.74.13.x86_64.rpm
    x86_64/glibc-profile-2.11.3-17.74.13.x86_64.rpm
    x86_64/glibc-profile-32bit-2.11.3-17.74.13.x86_64.rpm
    x86_64/iptables-1.4.6-2.13.3.2.x86_64.rpm
    x86_64/metacity-2.28.1-0.20.1.x86_64.rpm
    x86_64/metacity-lang-2.28.1-0.20.1.x86_64.rpm
    x86_64/nscd-2.11.3-17.74.13.x86_64.rpm
    x86_64/perl-Net-DNS-0.63-43.10.1.x86_64.rpm
    x86_64/ruby-1.8.7.p357-0.9.17.1.x86_64.rpm
    x86_64/ruby-doc-html-1.8.7.p357-0.9.17.1.x86_64.rpm
    x86_64/ruby-tk-1.8.7.p357-0.9.17.1.x86_64.rpm
    x86_64/unzip-6.00-11.9.1.x86_64.rpm
    x86_64/vsftpd-2.0.7-4.27.1.x86_64.rpm

Additional Information

  • For the Access Gateway Service any OS related patches are provided by the OS vendor.

  • For Suse Linux Enterprise Server use the following link to review this issue and what needs to be done: http:///support.novell.com/security/cve/CVE-2015-0235.html

  • Note: changing any IP addresses for the Access Gateway Appliance after all OS patches have been applied using the update channel might end up loosing the loopback interface at: "/etc/sysconfig/network". Please review TID: 7016115 NetIQ Access Gateway Appliance 4.0 lost the loopback interface after applying security patches

Feedback service temporarily unavailable. For content questions or problems, please contact Support.