Ghost Vulnerability CVE-2015-0235 and STK hardware Libraries and Tape Drives

Asset ID:	1-79-1981032.1
Update Date:	2017-06-29
Keywords:

Solution Type Predictive Self-Healing Sure

Solution 1981032.1 : Ghost Vulnerability CVE-2015-0235 and STK hardware Libraries and Tape Drives

Applies to:

StorageTek SL150 Modular Tape Library - Version All Versions and later
Sun StorageTek SL3000 Modular Library System - Version All Versions and later
Sun StorageTek T10000A Tape Drive - Version All Versions and later
Sun StorageTek SL8500 Modular Library System - Version All Versions and later
Linux OS - Version 1.0.5 and later
Information in this document applies to any platform.

Purpose

This document is intended for clients looking to find out what impact this GHOST vulnerability can have on the (S)L-series libraries and STK tape drives.

Scope

"GHOST" is the name of a vulnerability recently found in one of the key components of Linux systems.
The component is the Linux GNU C Library that is used by all Linux programs.

The vulnerability has been found in a function of this library that is used to convert Internet host names to Internet addresses.
If an attacker found vulnerable software and a way to transfer a properly crafted host name up to this function then theoretically the attacker could take over the control of the system.

Details

This vulnerability affects almost all major Linux distributions, except a few such as Ubuntu 14.04. Millions of SERVERS on the Internet contain this vulnerability.

What is Oracle doing to Protect/address this: Patches and fixes have been released all related specifically to Linux based systems target by the GHOST vulnerability

CVE-2015-0235 - Ghost Vulnerability - Patch Availability for Oracle Exalogic Linux Physical and Virtual Racks (Doc ID 1965975.1)
CVE-2015-0235 Ghost Vulnerability Patch Availability Document for Oracle Big Data Appliance (Doc ID 1966698.1)
CVE-2015-0235 AKA "Ghost" vulnerability in glibc - Patch Availability Document for Oracle Exalytics Linux Physical and Virtual systems (Doc ID 1966284.1)

HP LTO5 Tape Drive 10104/HP_LTO/LTO_5                         NOT Impacted, does not include glibc
HP LTO6 Tape Drive 10104/HP_LTO/LTO_6                         NOT Impacted, does not include glibc
IBM LTO5 Tape Drive 10104/IBM_LTO/LTO_5                      NOT Impacted, does not include glibc
IBM LTO6 Tape Drive 10104/IBM_LTO/LTO_6                      NOT Impacted, does not include glibc
L8       NOT Impacted, does not include glibc
Tape OEM Library SL24 10106 NOT Impacted, does not include glibc
Tape OEM Library SL48 10107 NOT Impacted, does not include glibc
Tape Library SL150 10099    NOT Impacted, does not include glibc
Sun StorageTek SL500 Modular Library System 10101         20441745 There are no plans for any further code releases on the SL500 product since it is no longer in production.
Tape Library SL3000 10100      Bug 20441744   (As of 27-Feb-2015) Still under evaluation
Tape Library SL8500 10102      Bug 20441746   (As of 27-Feb-2015) Still under evaluation

References

<NOTE:1966698.1> - CVE-2015-0235 Ghost Vulnerability Patch Availability Document for Oracle Big Data Appliance
<NOTE:1966284.1> - CVE-2015-0235 AKA "Ghost" vulnerability in glibc - Patch Availability Document for Oracle Exalytics Linux Physical and Virtual systems
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
<NOTE:1965975.1> - CVE-2015-0235 - Ghost Vulnerability - Patch Availability for Oracle Exalogic Linux Physical and Virtual Racks

Attachments

This solution has no attachment