Dell Data Protection Virtual Edition and the effects of the GNU C Library security vulnerability

Zusammenfassung: The effects of the GNU C Library security vulnerability that is known as GHOST vulnerability in Dell Data Protection | Virtual Edition.

Dieser Artikel gilt für Dieser Artikel gilt nicht für Dieser Artikel ist nicht an ein bestimmtes Produkt gebunden. In diesem Artikel werden nicht alle Produktversionen aufgeführt.
Andere Ressourcen ansehen

Symptome

Affected Products:

  • Dell Data Protection | Virtual Edition

Affected Versions:

  • v9.10 and Earlier
Note: It is recommended that the Dell Data Protection | Virtual Edition server is updated periodically to obtain the benefits of enhanced features and security in updated versions.

The GHOST vulnerability affects many Linux distributions, which include Ubuntu 12.04 that is a part of all Dell Data Protection | Virtual Edition.

Background on GNU C Library security vulnerability or GHOST vulnerability

Ubuntu Security Notices has announced a serious security vulnerability in the GNU C Library (version before 2.18). This vulnerability affects Ubuntu 12.04 LTS (Precise), which is the base operating system for Dell Data Protection | Virtual Edition.

Technical details:

The GNU C Library (or glibc) is an implementation of the standard C library and a core part of the Linux operating system. As mentioned in Ubuntu Wiki, a buffer overflow existed in the __nss_hostname_digits_dots function in the GNU C Library. This issue can be triggered both locally and remotely using all the gethostbyname*() functions. Applications have access to the DNS resolver primarily through the gethostbyname*() set of functions. These functions convert a hostname into an IP address.

An attacker could use this issue to run arbitrary code or cause an application crash, resulting in a denial of service.

Ursache

Not Applicable

Lösung

The issue is resolved in v9.11 and later.

To work around this issue, update the Ubuntu 12.04 LTS to the libc6 2.15-0ubuntu10.10 patch that is available from Ubuntu’s official repository.

To upgrade, run the following commands in sequence:

sudo apt-get update
sudo apt-get install libc6

Alternatively, the following command can also be run in place of sudo apt-get install libc6 in above sequence. It upgrades all operating system libraries on the Dell Data Protection | Virtual Edition server, including glibc.

sudo apt-get dist-upgrade

To verify that the upgrade was successful, use the following command:

sudo aptitude show libc6

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Weitere Informationen

Other Reference Material

USN-2485-1: GNU C Library vulnerability This hyperlink is taking you to a website outside of Dell Technologies.
Ubuntu Wiki This hyperlink is taking you to a website outside of Dell Technologies.

Betroffene Produkte

Dell Encryption
Artikeleigenschaften
Artikelnummer: 000130719
Artikeltyp: Solution
Zuletzt geändert: 21 März 2024
Version:  12
Antworten auf Ihre Fragen erhalten Sie von anderen Dell NutzerInnen
Support Services
Prüfen Sie, ob Ihr Gerät durch Support Services abgedeckt ist.