“GHOST” Vulnerability on EMC products

ghost boo

No, not that type of ghost.

 

Just a quick post to collate some info regarding EMC equipment and a recently discovered vulnerability in certain libraries present in some versions of Linux, which are utilized in a number of EMC systems.

As usual, this is a buffer-overflow type vulnerability, this time in the glibc 2.2 library. It is reached through the gethostbyname and gethostbyname2 functions and, when exploited, gives attackers the ability to execute arbitrary code. Hence “GHOST”!

Full details are available here

This isn’t as easy to exploit as Heartbleed, and similarly these systems are generally not interfaced with networks that allow them to be exposed. That being said, it’s part of being a good admin to be aware of and alert to the risks, and to patch and remediate where appropriate.

EMC’s summary page is listed here.  (support login required).

From that list, the usual suspects are technically vulnerable: VMAX, VNX*, VNX2, RecoverPoint, ScaleIO, Unisphere Central, ViPR**, XtremIO and the PowerPath Virtual Appliance. (There’s more, but this is my ‘watch’ list.)

Presently, there is no remediation process or fix available, so sit tight, assess the risk, and take alternative action if necessary while the official fixes take shape.

Watch this space.

 

 * Not technically confirmed as vulnerable, but expected to be.
** Not all ViPR components 
 

 

Table as @ 3rd February 2015

| Product | Supported Versions | Impacted? | Details | Last Updated |
|---|---|---|---|---|
| ApplicationXtender Desktop, ApplicationXtender Web Access, ApplicationXtender Web Services, ApplicationXtender Report Management, ApplicationXtender Media Distribution, ApplicationXtender Workflow Manager, ApplicationXtender Image Capture, ApplicationXtender for Office, ApplicationXtender SharePoint Integration, ApplicationXtender Connector | All | No | AX products are software applications and support Windows only. | 2015-01-29T20:31:49+00:00 |
| AppSync | | | | |
| Atmos | All versions up to 2.2.2.0 | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Avamar | 6.1, 7.0 and 7.1 | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Avamar Extended Retention (AER) | 1.0, 1.1, 1.2 | Yes | Remediation Plan in progress | 2015-02-02T22:54:23+00:00 |
| Backup and Recovery Manager (BRM) for Avamar | 1.0, 1.1, 1.2 | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Backup and Recovery Manager (BRM) for NetWorker | | | | |
| Captiva IA, IAI and Dispatcher | All | No | Captiva is a software application and supports Windows only. | 2015-01-30T17:03:08+00:00 |
| CentraStar | | | | |
| Centera Universal Access (CUA) | 4.2 and above | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| CDL Console | | | | |
| CLARiion | | | | |
| Cluster Enabled Base Component + Cluster Enabled SRDF Plug-in (SRDF/CE) | | | | |
| Connectrix B-Series Directors and Switches | | | | |
| Connectrix MDS Series | | | | |
| Celerra | | | | |
| CloudArray | 5.01 and earlier | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Cloud Tiering Appliance (CTA), File Management Appliance (FMA) | CTA 9.x, CTA 10.x | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| Data Domain (DDOS) | 5.4.x, 5.5.x | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Data Domain Boost (DD Boost) | All | No | DD Boost is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Data Domain MS (DDMS) | 1.2.1.0, 1.2.0.2 | No | DDMS is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Data Domain V Disk | All | No | Data Domain V Disk is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Data Protection Advisor (DPA) | All | No | DPA is a software application and does not ship with Linux OS or Bash shell. Follow OS vendor guidelines to patch underlying host. | 2015-01-29T20:31:49+00:00 |
| Data Computing Appliance (DCA) | DCA 1.2.2.2, DCA 2.1.0.0 | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Documentum Administrator | All | No | Documentum Administrator is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum CenterStage | All | No | Documentum CenterStage is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum Collaborative Services | All | No | Documentum Collaborative Services is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum Content Server | All | No | Documentum Content Server is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. All Documentum Content Server build processes will be modified to utilize latest libraries in subsequent patches. | 2015-02-02T17:23:36+00:00 |
| Documentum D2 | All | No | Documentum D2 is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-29T20:31:49+00:00 |
| Documentum Digital Asset Manager (DAM) | All | No | Documentum DAM is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum DFS/DFC | All | No | Documentum DFS/DFC is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum eRoom | All | No | Documentum eRoom is a software application and supports Windows only. | 2015-02-02T17:23:36+00:00 |
| Documentum IDS/IDSx | All | No | Documentum IDS/IDSx is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum Media Workspace (MWS) | All | No | Documentum MWS is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum MyD | All | No | Documentum MyD is a software application and does not ship with Linux OS. | 2015-02-02T17:23:36+00:00 |
| Documentum SAP Connector | All | No | Documentum SAP Connector is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum TaskSpace | All | No | Documentum TaskSpace is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum Transformation Services (DTS) & Content Transformation Services (CTS) | All | No | DTS & CTS are software applications and support Windows only. | 2015-02-02T17:23:36+00:00 |
| Documentum Webtop | All | No | Documentum Webtop is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| Documentum WebPublisher | All | No | Documentum WebPublisher is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum xCP Designer | All | No | Documentum xCP is a software application and supports Windows only. | 2015-01-29T20:31:49+00:00 |
| Documentum xDB | All | No | Documentum xDB is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T22:54:23+00:00 |
| Documentum xPlore | All | No | Documentum xPlore is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-29T20:31:49+00:00 |
| Documentum xPression | All | No | Documentum xPression is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| DLM | 4.x | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| EDL (Classic & 3D) | | | | |
| Embedded NAS (eNAS) or VNX NAS | 8.1.4.3, 8.1.4.15 – Control Station is the only affected component | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| EMC Control Center | | | | |
| EMC InfoArchive | | | | |
| EMC M&R (Watch4Net) | | | | |
| EMC Storage Analytics (ESA) | | | | |
| ESRS2 Gateway | | | | |
| ESRS Policy Manager | | | | |
| ESRS VE | | | | |
| Kazeon | Kazeon 4.6.x, 4.7 and 4.8 | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| Information Rights Management (IRM) | All | No | IRM is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Isilon OneFS | All | No | Isilon OneFS uses FreeBSD which does not contain the “glibc” library. | 2015-01-29T20:31:49+00:00 |
| Isilon InsightIQ | 1.0 through 3.1 | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| Isilon vCenter | All | Yes | Remediation Plan in progress | 2015-02-02T22:54:23+00:00 |
| Mainframe Enablers | All | No | Mainframe Enablers and all its related components are software applications and do not support Linux platforms. | 2015-01-29T20:31:49+00:00 |
| MDL | | | | |
| Naviseccli | | | | |
| NetWorker and NetWorker Management Console | All | No | NetWorker is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-29T20:31:49+00:00 |
| NetWorker VMware Protection (VBA) | | | | |
| PowerPath for AIX | All | No | Software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| PowerPath for HP-UX | All | No | Software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| PowerPath for Linux & PowerPath for Linux on System Z | All | No | Software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| PowerPath for Solaris | All | No | Software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| PowerPath Virtual Appliance | 1.2.x | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| PowerPath/VE for Windows | All | No | Software application and does not ship with Linux OS. | 2015-01-30T17:03:08+00:00 |
| PowerPath/VE for VMware | All | No | Software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| PowerPath for Windows | All | No | Software application and does not ship with Linux OS. | 2015-01-30T17:03:08+00:00 |
| ProSphere | 2.x | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| RecoverPoint | 3.5.x, 4.0.x, 4.1.x, 4.2.x | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| Replication Manager (RM) | | | | |
| ScaleIO Virtual Machine (SVM) | All | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Smarts IP, SAM, ESM, VoIP, MPLS, NPM, VoIP, OTM, ACM, ASAM, SAM Adapters | 8.1.4, 9.x | No | These are software applications and do not ship Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| Smarts NCM (Network Configuration Manager) | 4.1.x, 9.x | No | Smarts NCM is a software application and does not ship Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| Smarts Companion UI | 9.0, 9.1, 9.2.x | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| Solutions Enabler (SE) | All | No | SE is a software application and does not ship Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| Solutions Enabler Virtual Appliance (vApp) | 8.0.2 and prior | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| SAS M&R Solution Packs and Solution Packs for Networking and Applications | | | | |
| SourceOne | | | | |
| Symmetrix, DMX, VMAX (Enginuity and Service Processor (SP)) | | | | |
| Syncplicity Enterprise Edition On-Premise Storage Connector | 2.2.1.2 and prior | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| Time Finder Integration Module (TxIM) | | | | |
| UIM/P | All | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Unisphere Central | V4 | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| Unisphere for VMAX (UniVMAX) | All | No | UniVMAX is a software application and does not ship Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Unisphere for VMAX Virtual Appliance, Unisphere for VMAX with Performance Virtual Appliance (vApp) | 8.0.2, 8.0.1, 1.6.3 and prior | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| ViPR | All | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| ViPR ECS | | | | |
| Virtual Storage Integrator for VMware vSphere Web Client | | | | |
| VMAX SMI Provider | All | No | SMI-S is a software application and does not ship Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| VNX1 | | | | |
| VNX2 | All | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| VNXe1 (MR4) | VNXe OE 2.4.3 / VNXe3100/3150/3300 | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| VNXe2 (3200) | VNXe3200 OE 3.0.0, VNXe3200 OE 3.0.1 | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| VPLEX, VPLEX-VE | All | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| ViPR SRM (vApp Deploys only) | SRM 3.6.x, 3.5.x, 3.0.x | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| ViPR SRM (Binary Installation) | All | No | ViPR SRM (Binary Installation) is a software application and does not ship Linux OS. | 2015-01-29T20:31:49+00:00 |
| XtremCache | | | | |
| XtremCache “XtremSW Management Center” | | | | |
| XtremIO | 2.4.0/2.4.1/2.4.2/3.0.0/3.0.1/ | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
