search cancel

Is Critical Systems Protection(CSP)/Data Center Security:Server Advanced (DCS:SA) affected by the Ghost glibc (CVE-2015-0235) vulnerability?

book

Article ID: 161780

calendar_today

Updated On:

Products

Critical System Protection Data Center Security Server Advanced

Issue/Introduction

A security bug Ghost glibc (CVE-2015-0235) was released Jan 27, 2014.

Resolution

CSP/DCS:SA does utilize the glibc installed with the operating system however even if glibc has not been updated DCS:SA/CSP it is not vulnerable.  In order to exploit the glibc vulnerability the user must already be root and have been given privileges in DCS:SA/CSP to disable/modify IPS policy so no additional rights can be gained using the exploit.   We always recommend if using IPS policy to limit roots privileges don’t give root privileges to utilize the DCS:SA/CSP config tool which enables them to change IPS policy.  To find and disable this option in the policy, please do the following:

 
  1. Open the 5.2.9 UNIX Protection Policy
  2. Under Advanced Policy Settings, click Sandboxes
  3. Under Interactive Program Options, click Root Program Options [rootpriv_ps]
  4. Under General Settings->SDCSS Configuration Tool Options, uncheck the option Allow SDCSS Configuration Tools to run with Full privileges for the root user
 

 

 

 

Attachments

CSP Ghost.jpg get_app