GHOST Critical Vulnerability in Pure Storage Systems

CVE-2015-0235 or GHOST is a critical vulnerability in the LINUX glibc library. Its a buffer overflow bug affecting the gethostbyname() and gethostbyname2() function calls. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.

Customers running Purity O.E. versions 3.4.x, 4.0.x, 4.1.x and later are not vulnerable to GHOST; however, all running versions 3.3.x and earlier are susceptible and should contact Pure support to upgrade and address this issue.

Cloud Assist is not vulnerable to GHOST.

This information was originally posted in the Pure Storage Communities. If you’re a customer or partner and not a community member, consider signing up.

Vaughn is a VP of Systems Engineering at VAST Data. He helps organizations capitalize on what’s possible from VAST’s Universal Storage in a multitude of environments including A.I. & deep learning, data analytics, animation & VFX, media & broadcast, health & life sciences, data protection, etc. He spent 23 years in various leadership roles at Pure Storage and NetApp, and has been awarded a U.S. patent. Vaughn strives to simplify the technically complex and advocates thinking outside the box. You can find his perspective online at vaughnstewart.com and in print; he’s coauthored multiple books including “Virtualization Changes Everything: Storage Strategies for VMware vSphere & Cloud Computing“.

Leave a Reply

Back To Top