Dell Data Protection Virtual Edition and the effects of the GNU C Library security vulnerability

Summary: This article describes the effects of the GNU C Library security vulnerability, known as the GHOST vulnerability, on Dell Data Protection | Virtual Edition.


Symptoms

Affected Products:

  • Dell Data Protection | Virtual Edition

Affected Versions:

  • v9.10 and Earlier

Note: It is recommended that the Dell Data Protection | Virtual Edition server is updated periodically to obtain the benefits of enhanced features and security in updated versions.

The GHOST vulnerability affects many Linux distributions, including Ubuntu 12.04, which is a part of all Dell Data Protection | Virtual Edition.

Background on GNU C Library security vulnerability or GHOST vulnerability

Ubuntu Security Notices has announced a serious security vulnerability in the GNU C Library (versions before 2.18). This vulnerability affects Ubuntu 12.04 LTS (Precise), which is the base operating system for Dell Data Protection | Virtual Edition.

Technical details:

The GNU C Library (or glibc) is an implementation of the standard C library and a core part of the Linux operating system. As mentioned in Ubuntu Wiki, a buffer overflow existed in the __nss_hostname_digits_dots function in the GNU C Library. This issue can be triggered both locally and remotely using all the gethostbyname*() functions. Applications have access to the DNS resolver primarily through the gethostbyname*() set of functions. These functions convert a hostname into an IP address.

An attacker could use this issue to run arbitrary code or cause an application crash, resulting in a denial of service.

Cause

Not Applicable

Resolution

The issue is resolved in v9.11 and later.

To work around this issue, update Ubuntu 12.04 LTS to the libc6 2.15-0ubuntu10.10 patch, which is available from Ubuntu’s official repository.

To upgrade, run the following commands in sequence:

sudo apt-get update
sudo apt-get install libc6

Alternatively, the following command can be run in place of sudo apt-get install libc6 in the above sequence. It upgrades all operating system libraries on the Dell Data Protection | Virtual Edition server, including glibc.

sudo apt-get dist-upgrade

To verify that the upgrade was successful, use the following command:

sudo aptitude show libc6
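
The verification step above, as an added example that is not part of the original Dell article: a POSIX shell script that compares the installed libc6 version with the fixed version named in the Resolution and lists processes that still map the pre-upgrade library, since running processes keep the old glibc until they are restarted. The function names and the --run argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not Dell's code): check that the GHOST fix is installed and in use.
FIXED_VERSION="2.15-0ubuntu10.10"   # fixed libc6 version for Ubuntu 12.04, from the article

# Succeed if libc6 package version $1 is at or above the fixed version.
# dpkg does the comparison, so Debian ordering applies (10.10 is newer than 10.9).
libc6_is_patched() {
    dpkg --compare-versions "$1" ge "$FIXED_VERSION"
}

# Read /proc/<pid>/maps text on stdin; succeed if libc is mapped from a file that
# has since been replaced on disk. Constructed sample of such a line:
#   7f3a1c000000-7f3a1c1b5000 r-xp 00000000 08:01 131090 /lib/x86_64-linux-gnu/libc-2.15.so (deleted)
maps_has_stale_libc() {
    grep -Eq '/libc-[0-9.]+\.so \(deleted\)$'
}

# Print the PIDs of running processes that still map the pre-upgrade libc.
# Run as root to see every process; unreadable or vanished entries are skipped.
stale_libc_pids() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}
        pid=${pid%/maps}
        { maps_has_stale_libc < "$maps"; } 2>/dev/null && echo "$pid"
    done
    return 0
}

# Report package state first, then any processes that need a restart.
check_ghost_fix() {
    installed=$(dpkg-query -W -f='${Version}' libc6) || return 2
    if ! libc6_is_patched "$installed"; then
        echo "libc6 $installed is older than $FIXED_VERSION: not patched"
        return 1
    fi
    echo "libc6 $installed is at or above $FIXED_VERSION"
    stale=$(stale_libc_pids | tr '\n' ' ')
    [ -z "$stale" ] || echo "old libc still mapped, restart needed for PIDs: $stale"
    return 0
}

# Hypothetical switch: the check runs only when the script is called with --run.
if [ "${1:-}" = "--run" ]; then
    check_ghost_fix
fi
```

Any PID it lists belongs to a process started before the upgrade; restarting those services, or rebooting the server, moves them onto the patched library.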

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Additional Information

Affected Products

Dell Encryption
Article Properties
Article Number: 000130719
Article Type: Solution
Last Modified: 21 Mar 2024
Version:  12