CVE-2015-0235 "GHOST" vulnerability with glibc gethostbyname

  • 7016171
  • 10-Feb-2015
  • 10-Feb-2015

Environment

Sentinel 7.2.2 Appliance
SLES11SP3

Situation

NetIQ is aware of a vulnerability affecting the SuSE Linux Enterprise Server 11Service Pack 3, (SLES 11 SP3), operating system:

Heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc2.2 and other 2.x versions prior to 2.18 , allows context-dependent attackers to execute arbitrary code via vectors related to (1) gethostbyname or (2) gethostbyname2 function.

The following versions of Sentinel Appliance are affected by this vulnerability because they run on or include the SLES operating system and have dependencies on glibc:

Sentinel 7.0.x
Sentinel 7.1.x
Sentinel 7.2.x

Resolution

For non-appliance installations, updates for SLES OS products that have current support are available via SLES update channels.
See: https://www.suse.com/support/kb/doc.php?id=7016113

For Appliance installations,
Sentinel 7.3 includes the patch/fix for the GHOST vulnerability and it is the current patch available in our update channel repository. NetIQ recommends that you apply the full 7.3 patch using zypper to upgrade Sentinel as well as the OS.

For customers who are not able or unwilling to immediately apply 7.3, we have a manual patch available for this vulnerability available via support. You must open a service request and contact support to gain access to the patch.

Manual Patch Instructions:
There are two options for patching RPM and scripted. The files that will be made available through support require a minimum of Sentinel 7.2.2 patch applied as the OS version we test with is SLES 11 SP3.

Files:
Sentinel_appliance_GHOST_vulnerability_patch_packages_20150130.tar.gz
Sentinel_appliance_GHOST_vulnerability_patch_20150130.tar.gz

The script does the following:
1. Check the sentinel version
2. Check the included rpm packages for integrity
3. Test run the rpm updates
4. Run the rpm updates.

Instructions using the
Sentinel_appliance_GHOST_vulnerability_patch_packages_20150130.tar.gz:
1. Make sure Sentinel is updated to the latest version - 7.2.2.0 or at least 7.2.0.0.
2. Uncompress the the patch file;
tar -zxvf Sentinel_appliance_GHOST_vulnerability_patch_packages_20150130.tar.gz
3. Run rpm update;
cd Sentinel_appliance_GHOST_vulnerability_patch_packages
rpm -Uvh binutils-2.23.1-0.23.15.x86_64.rpm \
glibc-2.11.3-17.74.13.x86_64.rpm \
glibc-32bit-2.11.3-17.74.13.x86_64.rpm \
glibc-devel-2.11.3-17.74.13.x86_64.rpm \
glibc-locale-2.11.3-17.74.13.x86_64.rpm \
iptables-1.4.6-2.13.3.2.x86_64.rpm \
nscd-2.11.3-17.74.13.x86_64.rpm \
ruby-1.8.7.p357-0.9.17.1.x86_64.rpm \
ruby-devel-1.8.7.p357-0.9.17.1.x86_64.rpm \
rubygem-actionpack-3_2-3.2.12-0.19.1.x86_64.rpm \
rubygem-sprockets-2_2-2.2.1-0.7.11.1.x86_64.rpm

Instructions using
Sentinel_appliance_GHOST_vulnerability_patch_20150130.tar.gz
1. Make sure Sentinel is update to the latest version - 7.2.2.0. Or at the least 7.2.0.0
2. Uncompress the patch file:
tar zxvf Sentinel_appliance_GHOST_vulnerability_patch_20150130.tar.gz
3. Run the patch script
cd Sentinel_appliance_GHOST_vulnerability_patch
./sentinel_patch_appliance.sh

Additional Information

Feedback service temporarily unavailable. For content questions or problems, please contact Support.