GHOST Vulnerability: glibc, gethostbyname buffer overflow CVE-2015-0235

Document created by Mark_Hanson on Feb 2, 2015. Last modified by Lenn Thompson on Apr 20, 2016.

Dear CA Customer:

The purpose of this Advisory is to inform you of a potential problem that has recently been identified with the Linux operating systems on which CA Workload Automation products may run. Please read the information provided below and follow the instructions in order to avoid being impacted by this problem.

PRODUCT(S) AFFECTED:                        RELEASES:

Workload Automation AE (Linux only)         11.0, 11.3, 11.3.5, 11.3.6
Workload Automation Agents                  11.1 (DE), 11.3 (AE, DE)
Embedded Entitlement Manager (EEM)          8.4, 12, 12.51

Note: Workload Automation DE engine is not directly affected.
      Workload Control Center (WCC), iDash and iXP are only indirectly affected, through their use of other affected software (e.g. Java, EEM).

PROBLEM DESCRIPTION:

On Tuesday, January 27, 2015, Qualys published a security advisory on a vulnerability in glibc, the GNU C library: GHOST (GetHOST), a buffer overflow in gethostbyname, CVE-2015-0235. The National Vulnerability Database rated this vulnerability HIGH under the Common Vulnerability Scoring System (CVSS). The vulnerability carries a remote code execution risk.

The following CA Workload Automation components directly utilize glibc:

WAAE Engine (event_demon, as_server)

WA (AE & DE) Agents (cybAgent, auto_remote)

EEM (dxserver, igateway)

SSA (csampmuxf)


An attacker exploiting the GHOST vulnerability may gain control of the compromised system.

IMPACT:

The impact varies with how the vulnerability is exploited.


RESOLUTION:
The first vulnerable version of the GNU C Library is glibc-2.2, released on November 10, 2000. The issue was fixed on May 21, 2013, between the releases of glibc-2.17 and glibc-2.18.

RECOMMENDATION:
CA recommends that all customers take steps to secure their systems as a matter of priority. Once systems are patched, all services that depend on glibc must be restarted.

Contact your operating system vendor for updated information.
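As an added example (not part of this CA advisory), a POSIX shell check for the restart step above: after glibc is updated, a process that still maps the replaced library shows it in /proc/<pid>/maps with a trailing "(deleted)" and keeps running the old code until it is restarted. The sample maps lines and the path /lib64/libc-2.12.so are constructed, not captured from a real host.

```shell
#!/bin/sh
# Added example, not part of the CA advisory: find processes that still run the
# OLD glibc after an update. When the package manager replaces libc on disk, a
# process that still has the previous file mapped shows it in /proc/<pid>/maps
# with a trailing "(deleted)"; it keeps executing the old code until restarted.

# stale_libc_maps: read /proc/<pid>/maps-formatted lines from stdin and print the
# path of each libc mapping whose backing file has been replaced (field 7 is "(deleted)").
stale_libc_maps() {
    awk '$6 ~ /libc[-.]/ && $7 == "(deleted)" { print $6 }' | sort -u
}

# scan_running_processes: apply the check to every readable process on this host and
# print "<pid> <command line>" for each one that must be restarted.
scan_running_processes() {
    for maps in /proc/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps#/proc/}; pid=${pid%/maps}
        if [ -n "$(stale_libc_maps < "$maps" 2>/dev/null)" ]; then
            printf '%s %s\n' "$pid" "$(tr '\0' ' ' < "/proc/$pid/cmdline" 2>/dev/null)"
        fi
    done
}

# Constructed sample input (not captured from a real host): the first process still
# maps a replaced libc-2.12.so, the second maps the current file and needs nothing.
SAMPLE_STALE='7f3a8c000000-7f3a8c1a5000 r-xp 00000000 08:01 131073 /lib64/libc-2.12.so (deleted)
7f3a8c1a5000-7f3a8c3a5000 ---p 001a5000 08:01 131073 /lib64/libc-2.12.so (deleted)
7f3a8c3ad000-7f3a8c3b2000 rw-p 00000000 00:00 0'
SAMPLE_CLEAN='7f3a8c000000-7f3a8c1a5000 r-xp 00000000 08:01 131080 /lib64/libc-2.12.so
7f3a8c3ad000-7f3a8c3b2000 rw-p 00000000 00:00 0'

if [ "${1:-}" = "--demo" ]; then
    # Prints only /lib64/libc-2.12.so: the stale sample matches, the clean one does not.
    printf '%s\n' "$SAMPLE_STALE" | stale_libc_maps
    printf '%s\n' "$SAMPLE_CLEAN" | stale_libc_maps
else
    # Real scan; run as root after the glibc update so every process is readable.
    scan_running_processes
fi
```

Any PID the scan prints belongs to a service that must be restarted (or the host rebooted) before the update is effective for it.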


Thank you,

  CA Workload Automation Team
