VMware Response to CVE-2015-7547: glibc getaddrinfo stack-based buffer overflow (2144032)

Details

On February 16, 2016, a critical vulnerability in glibc (CVE-2015-7547) was published that may allow for remote code execution.
 
VMware has classified this issue as critical and as such began work on a fix or corrective action immediately.
 
The VMware Security Engineering, Communications, and Response group (vSECR) has investigated the impact this vulnerability may have on VMware products. The assessment has resulted in workarounds, patches, and updated releases for VMware products as documented in the next section.

Products
  •  vSphere ESXi Hypervisor

    ESX(i) 5.1 and older are not affected because they do not ship with a vulnerable version of glibc.

    ESXi 5.5 and 6.0 ship with a vulnerable version of glibc and are affected. There are currently no in-product workarounds for this vulnerability.

    In response, security patches for ESXi 5.5 and 6.0 have been released. For more information, see VMSA-2016-0002. Enter your email address in the Sign up for Security Advisories section to receive alerts when these advisories are published or updated.

  • Windows-based products

    Windows-based products, including all versions of vCenter Server running on Windows, are not affected.

  • VMware Virtual Appliances

    VMware Virtual Appliances ship with a vulnerable version of glibc and are affected. This includes all virtual appliances. Customers are advised to implement the suggested workaround in the Solution section for VMware Virtual Appliances until patches or updated releases are made available.

  • VMware products that run on Linux

    VMware products that run on Linux (excluding virtual appliances) might use a vulnerable version of glibc as part of the base operating system. If the operating system has a vulnerable version of glibc, VMware recommends that customers contact their operating system vendor for resolution.

    VMware Workstation is an example of this type of product.

Solution

Workaround, Patches, and Updated Releases for VMware Virtual Appliances

vSECR has determined that a workaround for some products is to reconfigure the built-in firewall of the virtual appliance. A patch or an updated release may also be available for remediation.

This article will be updated as new workarounds, patches, or updated releases become available.

Warning: Do not attempt to apply steps from a particular Knowledge Base article to other VMware products that are not explicitly listed in the Products section.

 
The following Knowledge Base articles contain information on the types of remediation currently available.

If you do not see your virtual appliance listed below, subscribe to this article to get updates as they become available. For up-to-date information, click Subscribe to Document in the actions section.

vSphere Replication

VMware vCenter Server Appliance

VMware vRealize Automation
Orchestrator Appliance 5.5, 6.0, and 7.0

vRealize Infrastructure Navigator

VMware vCenter Hyperic Server 5.8

EUC Identity Manager, Identity Manager Connector and Access Point

VMware Workbench

VMware vCenter Operations Manager 5.8

VMware vRealize Operations Manager 6.0

VMware vRealize Operations Manager 6.1

VMware vRealize Operations Manager 6.2

VMware vRealize Automation Application Services

vCloud Connector

VMware vCloud Networking and Security 5.5.x and NSX for vSphere 6.x

VMware NSX for Multi-Hypervisor 4.x

VMware Horizon Daas 6.1.x and Horizon DaaS Bundle 6.1.x

vRealize Business Standard 6.x

vRealize Business Standard 7.x

vSphere Big Data Extensions

vFabric Postgres

VMware vSphere Storage Appliance
VMware vSphere Data Protection
