Technical FAQs

Is PowerChute Network Shutdown version 3.1 Virtual Appliance for VMware vulnerable to CVE-2015-0235?

Issue:
PowerChute Network Shutdown version 3.1 Virtual Appliance for VMware is vulnerable to the CVE-2015-0235 (GHOST glibc) vulnerability.

Product:
PowerChute Network Shutdown Version 3.1 and 3.2 Virtual Appliance

Environment:
VMware

Cause:
GHOST glibc vulnerability
The following link provides test programs to check for the vulnerability: http://www.cyberciti.biz/faq/cve-2015-0235-ghost-glibc-buffer-overflow-linux-test-program/

Solution:

1 - From the command line, type:
yum update glibc
NOTE: After the update, the appliance needs to be rebooted.
The OS will be updated and the vulnerability will be corrected.


2 - For systems that do not have access to the internet, there are 2 copies of the glibc RPM (i686 and x86_64) and 1 dependent component, glibc-common. All 3 of these would need to be downloaded manually from this URL: http://mirror.centos.org/centos-5/5.11/updates/x86_64/RPMS/

http://mirror.centos.org/centos-5/5.11/updates/x86_64/RPMS/glibc-2.5-123.el5_11.1.i686.rpm
http://mirror.centos.org/centos-5/5.11/updates/x86_64/RPMS/glibc-2.5-123.el5_11.1.x86_64.rpm
http://mirror.centos.org/centos-5/5.11/updates/x86_64/RPMS/glibc-common-2.5-123.el5_11.1.x86_64.rpm

The 3 RPMs would then need to be transferred to the Appliance via SCP/SFTP and installed using the command:

rpm -U glibc-common-2.5-123.el5_11.1.x86_64.rpm glibc-2.5-123.el5_11.1.x86_64.rpm glibc-2.5-123.el5_11.1.i686.rpm

NOTE: There are dependencies so all 3 RPMs need to be updated. Users should reboot the Virtual Appliance after updating.
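
To confirm that all three packages actually reached the fixed build after either update path, the following check can be used. It is an added example, not vendor code: the function names vercmp and outdated_glibc, the simplified RPM-style version comparison, and the older build string in the sample input are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not vendor code): check glibc packages against the fixed build.
FIXED="2.5-123.el5_11.1"   # build named in the RPM file names on this page

# Simplified RPM-style comparison of two version-release strings.
# Prints -1, 0 or 1 when $1 is older than, equal to or newer than $2.
vercmp() {
    a=$1; b=$2
    while :; do
        # Drop separators (". - _") in front of the next segment.
        a=${a#"${a%%[A-Za-z0-9]*}"}; b=${b#"${b%%[A-Za-z0-9]*}"}
        if [ -z "$a" ] && [ -z "$b" ]; then echo 0; return; fi
        if [ -z "$a" ]; then echo -1; return; fi
        if [ -z "$b" ]; then echo 1; return; fi
        x=${a%%[!0-9]*}; y=${b%%[!0-9]*}        # leading digit runs, if any
        if [ -n "$x" ] && [ -n "$y" ]; then
            if [ "$x" -gt "$y" ]; then echo 1; return; fi
            if [ "$x" -lt "$y" ]; then echo -1; return; fi
        elif [ -n "$x" ]; then echo 1; return   # a number outranks letters
        elif [ -n "$y" ]; then echo -1; return
        else
            x=${a%%[!A-Za-z]*}; y=${b%%[!A-Za-z]*}
            if expr "x$x" \> "x$y" >/dev/null; then echo 1; return; fi
            if expr "x$x" \< "x$y" >/dev/null; then echo -1; return; fi
        fi
        a=${a#"$x"}; b=${b#"$y"}
    done
}

# Reads "name.arch version-release" lines on stdin, prints every package
# older than FIXED, and returns 0 only when none is outdated.
outdated_glibc() {
    rc=0
    while read -r pkg ver; do
        if [ -n "$pkg" ] && [ "$(vercmp "$ver" "$FIXED")" = "-1" ]; then
            echo "OUTDATED $pkg $ver"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample: a half-finished offline update (i686 package skipped).
# On the appliance, pipe in the real list instead:
#   rpm -q --qf '%{NAME}.%{ARCH} %{VERSION}-%{RELEASE}\n' glibc glibc-common
SAMPLE='glibc-common.x86_64 2.5-123.el5_11.1
glibc.x86_64 2.5-123.el5_11.1
glibc.i686 2.5-118.el5_10.2'

printf '%s\n' "$SAMPLE" | outdated_glibc || echo "update incomplete, see above"
```

A clean result only shows that the packages on disk are patched; processes started before the update keep the old library loaded until the reboot described above.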