No, not that type of ghost.
Just a quick post to collate some info regarding EMC equipment and a recently discovered vulnerability in certain libraries present in some versions of Linux, which are utilized in a number of EMC systems.
As usual, this is a buffer-overflow type vulnerability, this time in the glibc 2.2 library. It is reached through the gethostbyname and gethostbyname2 functions (hence “GHOST”) and, when exploited, gives attackers the ability to execute arbitrary code.
Full details are available here
This isn’t as easy to exploit as Heartbleed and, similarly, these systems are generally not interfaced with networks that allow them to be exposed. That being said, it’s part of being a good admin to be aware of and alert to the risks, and to patch and remediate where appropriate.
EMC’s summary page is listed here (support login required).
From that list, the usual suspects are technically vulnerable: VMAX, VNX*, VNX2, RecoverPoint, ScaleIO, Unisphere Central, ViPR**, XtremIO and the PowerPath Virtual Appliance. (There’s more, but this is my ‘watch’ list.)
Presently, there is no remediation process or fix available, so sit tight, assess the risk and take alternative action if necessary while the official fixes take shape.
Watch this space.
* Not technically confirmed as vulnerable, but expected to be.
** Not all ViPR components
Table as at 3rd February 2015

| Product | Supported Versions | Impacted? | Details | Last Updated |
|---|---|---|---|---|
| ApplicationXtender Desktop, ApplicationXtender Web Access, ApplicationXtender Web Services, ApplicationXtender Report Management, ApplicationXtender Media Distribution, ApplicationXtender Workflow Manager, ApplicationXtender Image Capture, ApplicationXtender for Office, ApplicationXtender SharePoint Integration, ApplicationXtender Connector | All | No | AX products are software applications and support Windows only. | 2015-01-29T20:31:49+00:00 |
| AppSync | | | | |
| Atmos | All versions up to 2.2.2.0 | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Avamar | 6.1, 7.0 and 7.1 | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Avamar Extended Retention (AER) | 1.0, 1.1, 1.2 | Yes | Remediation Plan in progress | 2015-02-02T22:54:23+00:00 |
| Backup and Recovery Manager(BRM) for Avamar | 1.0, 1.1, 1.2 | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Backup and Recovery Manager(BRM) for NetWorker | | | | |
| Captiva IA, IAI and Dispatcher | All | No | Captiva is software application and supports Windows only. | 2015-01-30T17:03:08+00:00 |
| CentraStar | | | | |
| Centera Universal Access (CUA) | 4.2 and above | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| CDL Console | | | | |
| CLARiion | | | | |
| Cluster Enabled Base Component + Cluster Enabled SRDF Plug-in (SRDF/CE) | | | | |
| Connectrix B-Series Directors and Switches | | | | |
| Connectrix MDS Series | | | | |
| Celerra | | | | |
| CloudArray | 5.01 and earlier | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Cloud Tiering Appliance (CTA), File Management Appliance (FMA) | CTA 9.x, CTA 10.x | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| Data Domain (DDOS) | 5.4.x, 5.5.x | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Data Domain Boost (DD Boost) | All | No | DD Boost is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Data Domain MS (DDMS) | 1.2.1.0, 1.2.0.2 | No | DDMS is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Data Domain V Disk | All | No | Data Domain V Disk is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Data Protection Advisor (DPA) | All | No | DPA is software application and does not ship with Linux OS or Bash shell. Follow OS vendor guidelines to patch underlying host. | 2015-01-29T20:31:49+00:00 |
| Data Computing Appliance (DCA) | DCA 1.2.2.2, DCA 2.1.0.0 | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Documentum Administrator | All | No | Documentum Administrator is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum CenterStage | All | No | Documentum CenterStage is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum Collaborative Services | All | No | Documentum Collaborative Services is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum Content Server | All | No | Documentum Content Server is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. All Documentum Content Server build processes will be modified to utilize latest libraries in subsequent patches | 2015-02-02T17:23:36+00:00 |
| Documentum D2 | All | No | Documentum D2 is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-29T20:31:49+00:00 |
| Documentum Digital Asset Manager (DAM) | All | No | Documentum DAM is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum DFS/DFC | All | No | Documentum DFS/DFC is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum eRoom | All | No | Documentum eRoom is a software application and supports Windows only. | 2015-02-02T17:23:36+00:00 |
| Documentum IDS/IDSx | All | No | Documentum IDS/IDSx is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum Media Workspace (MWS) | All | No | Documentum MWS is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum MyD | All | No | Documentum MyD is software application and does not ship with Linux OS. | 2015-02-02T17:23:36+00:00 |
| Documentum SAP Connector | All | No | Documentum SAP Connector is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum TaskSpace | All | No | Documentum TaskSpace is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum Transformation Services (DTS) & Content Transformation Services (CTS) | All | No | DTS & CTS are software applications and support Windows only. | 2015-02-02T17:23:36+00:00 |
| Documentum Webtop | All | No | Documentum Webtop is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| Documentum WebPublisher | All | No | Documentum WebPublisher is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Documentum xCP Designer | All | No | Documentum xCP is a software application and supports Windows only. | 2015-01-29T20:31:49+00:00 |
| Documentum xDB | All | No | Documentum xDB is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host | 2015-02-02T22:54:23+00:00 |
| Documentum xPlore | All | No | Documentum xPlore is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host | 2015-01-29T20:31:49+00:00 |
| Documentum xPression | All | No | Documentum xPression is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| DLM | 4.x | Yes | Remediation plan in progress | 2015-01-30T17:03:08+00:00 |
| EDL (Classic & 3D) | | | | |
| Embedded NAS (eNAS) or VNX NAS | 8.1.4.3, 8.1.4.15 – Control Station is the only affected component | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| EMC Control Center | | | | |
| EMC InfoArchive | | | | |
| EMC M&R (Watch4Net) | | | | |
| EMC Storage Analytics (ESA) | | | | |
| ESRS2 Gateway | | | | |
| ESRS Policy Manager | | | | |
| ESRS VE | | | | |
| Kazeon | Kazeon 4.6.x, 4.7 and 4.8 | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| Information Rights Management (IRM) | All | No | IRM is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Isilon OneFS | All | No | Isilon OneFS uses FreeBSD which does not contain the “glibc” library. | 2015-01-29T20:31:49+00:00 |
| Isilon InsightIQ | 1.0 through 3.1 | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| Isilon vCenter | All | Yes | Remediation Plan in progress | 2015-02-02T22:54:23+00:00 |
| Mainframe Enablers | All | No | Mainframe Enablers and all its related components are software applications and do not support Linux platforms | 2015-01-29T20:31:49+00:00 |
| MDL | | | | |
| Naviseccli | | | | |
| NetWorker and NetWorker Management Console | All | No | NetWorker is software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-29T20:31:49+00:00 |
| NetWorker VMware Protection (VBA) | | | | |
| PowerPath for AIX | All | No | Software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| PowerPath for HP-UX | All | No | Software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| PowerPath for Linux & PowerPath for Linux on System Z | All | No | Software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| PowerPath for Solaris | All | No | Software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| PowerPath Virtual Appliance | 1.2.x | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| PowerPath/VE for Windows | All | No | Software application and does not ship with Linux OS. | 2015-01-30T17:03:08+00:00 |
| PowerPath/VE for VMware | All | No | Software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| PowerPath for Windows | All | No | Software application and does not ship with Linux OS. | 2015-01-30T17:03:08+00:00 |
| ProSphere | 2.x | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| RecoverPoint | 3.5.x, 4.0.x, 4.1.x, 4.2.x | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| Replication Manager (RM) | | | | |
| ScaleIO Virtual Machine (SVM) | All | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Smarts IP, SAM, ESM, VoIP, MPLS, NPM, VoIP, OTM, ACM, ASAM, SAM Adapters | 8.1.4, 9.x | No | These are software applications and do not ship Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| Smarts NCM (Network Configuration Manager) | 4.1.x, 9.x | No | Smarts NCM is software application and does not ship Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| Smarts Companion UI | 9.0, 9.1, 9.2.x | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| Solutions Enabler (SE) | All | No | SE is software application and does not ship Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-01-30T17:03:08+00:00 |
| Solutions Enabler Virtual Appliance (vApp) | 8.0.2 and prior | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| SAS M&R Solution Packs and Solution Packs for Networking and Applications | | | | |
| SourceOne | | | | |
| Symmetrix, DMX, VMAX (Enginuity and Service Processor (SP)) | | | | |
| Syncplicity Enterprise Edition On-Premise Storage Connector | 2.2.1.2 and prior | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| Time Finder Integration Module (TxIM) | | | | |
| UIM/P | All | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| Unisphere Central | V4 | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| Unisphere for VMAX (UniVMAX) | All | No | UniVMAX is software application and does not ship Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| Unisphere for VMAX Virtual Appliance, Unisphere for VMAX with Performance Virtual Appliance (vApp) | 8.0.2, 8.0.1, 1.6.3 and prior | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| ViPR | All | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| ViPR ECS | | | | |
| Virtual Storage Integrator for VMware vSphere Web Client | | | | |
| VMAX SMI Provider | All | No | SMI-S is software application and does not ship Linux OS. Follow OS vendor guidelines to patch underlying host. | 2015-02-02T17:23:36+00:00 |
| VNX1 | | | | |
| VNX2 | All | Yes | Remediation Plan in progress | 2015-02-02T17:23:36+00:00 |
| VNXe1 (MR4) | VNXe OE 2.4.3 / VNXe3100/3150/3300 | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| VNXe2 (3200) | VNXe3200 OE 3.0.0, VNXe3200 OE 3.0.1 | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| VPLEX, VPLEX-VE | All | Yes | Remediation Plan in progress | 2015-01-30T17:03:08+00:00 |
| ViPR SRM (vApp Deploys only) | SRM 3.6.x, 3.5.x, 3.0.x | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
| ViPR SRM (Binary Installation) | All | No | ViPR SRM (Binary Installation) is software application and does not ship Linux OS. | 2015-01-29T20:31:49+00:00 |
| XtremCache | | | | |
| XtremCache “XtremSW Management Center” | | | | |
| XtremIO | 2.4.0/2.4.1/2.4.2/3.0.0/3.0.1/ | Yes | Remediation Plan in progress | 2015-01-29T20:31:49+00:00 |
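
For the rows above that say to follow OS vendor guidelines to patch the underlying host: a glibc update only reaches a process once that process restarts, so after patching it is worth listing what is still running on the old library. The script below is an added example, not code from EMC or the original post; the function names are hypothetical and the sample maps lines (paths, addresses, the `2.17` file name) are constructed.

```shell
#!/usr/bin/env bash
# Added example (not EMC's or the blog author's code): after the OS vendor's
# glibc update is installed, running processes keep the old libc mapped until
# they are restarted. Function names and sample data here are hypothetical.

# stale_libc_in_maps [FILE]
# Reads /proc/<pid>/maps-format text (FILE or stdin) and prints each libc path
# mapped executable but marked "(deleted)", i.e. replaced on disk after load.
# Exit status: 0 if a stale mapping was found, 1 if none.
stale_libc_in_maps() {
    awk '
        # $2 = permissions, $6 = pathname, last field = "(deleted)" marker
        $2 ~ /x/ && $NF == "(deleted)" &&
        $6 ~ /\/libc(-[0-9.]+)?\.so(\.[0-9]+)?$/ {
            if (!seen[$6]++) print $6
            found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "${1:-/dev/stdin}"
}

# scan_live_processes: print "PID<TAB>command<TAB>stale libc path" for each
# readable process that still needs a restart (run as root to see all PIDs).
scan_live_processes() {
    local maps pid lib
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        if lib=$(stale_libc_in_maps "$maps" 2>/dev/null); then
            printf '%s\t%s\t%s\n' "$pid" "$(cat "/proc/$pid/comm" 2>/dev/null)" "$lib"
        fi
    done
}

# Constructed sample: one process still holding a replaced libc.
sample_maps_stale() {
    cat <<'EOF'
00400000-004b2000 r-xp 00000000 fd:00 131100 /usr/sbin/sshd
7f3a1c000000-7f3a1c1b6000 r-xp 00000000 fd:00 393229 /usr/lib64/libc-2.17.so (deleted)
7f3a1c1b6000-7f3a1c3b6000 ---p 001b6000 fd:00 393229 /usr/lib64/libc-2.17.so (deleted)
7f3a1c5c0000-7f3a1c5e2000 r-xp 00000000 fd:00 393300 /usr/lib64/ld-2.17.so
EOF
}
# Same lines without the marker, as a freshly started process would show.
sample_maps_clean() { sample_maps_stale | sed 's/ (deleted)$//'; }

# Only walk the real /proc when asked to.
if [ "${1:-}" = "--scan" ]; then scan_live_processes; fi
```

Run it with `--scan` as root on the patched host and restart whatever it lists, or reboot if the list includes core services.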