TB040 CVE-2017-3623 "Ebbisland" Vulnerability
Alert Type
Security
Impact
On 10 April 2017, a purported archive of NSA exploits was widely distributed on the Internet. The archive contains numerous exploits, including some targeted at applications and system services using the Remote Procedure Call (RPC) protocol. The root cause of the RPC exploits is a buffer overflow in library code used by RPC applications and services.
Known exploits of the vulnerability have resulted in unrestricted privileged (superuser) access on other systems. These same exploits are ineffective on the Delphix Engine because they depend on system services not used by Delphix.
Attempts to exploit the vulnerability on Delphix may result in the failure of some Delphix services. However, these services are monitored and restarted automatically. Momentary disruption of administrative and data services is possible.
The overall impact of the vulnerability on Delphix is low to medium.
Contributing Factors
The vulnerability affects the following Delphix Releases:
-
Delphix Engine 2.6
-
Delphix Engine 2.7.0.0
-
Delphix Engine 2.7.1.0, 2.7.1.1, and 2.7.1.2
-
Delphix Engine 2.7.2.0
-
Delphix Engine 2.7.3.0 and 2.7.3.1
-
Delphix Engine 2.7.4.0
-
Delphix Engine 2.7.5.0
-
Delphix Engine 2.7.6.0
-
Delphix Engine 3.0.0.3 and 3.0.0.4
-
Delphix Engine 3.0.1.0, 3.0.1.2, and 3.0.1.3
-
Delphix Engine 3.0.2.0 and 3.0.2.1
-
Delphix Engine 3.0.3.0 and 3.0.3.1
-
Delphix Engine 3.0.4.0
-
Delphix Engine 3.0.5.0
-
Delphix Engine 3.1.0.1
-
Delphix Engine 3.1.1.0
-
Delphix Engine 3.1.2.0 and 3.1.2.1
-
Delphix Engine 3.1.3.0, 3.1.3.1, and 3.1.3.2
-
Delphix Engine 3.1.4.0
-
Delphix Engine 3.1.5.0
-
Delphix Engine 3.2.0.0
-
Delphix Engine 3.2.1.0
-
Delphix Engine 3.2.2.0 and 3.2.2.1
-
Delphix Engine 3.2.3.0 and 3.2.3.1
-
Delphix Engine 3.2.4.0, 3.2.4.1, and 3.2.4.2
-
Delphix Engine 3.2.5.0 and 3.2.5.1
-
Delphix Engine 3.2.6.0
-
Delphix Engine 3.2.7.0
-
Delphix Engine 4.0.0.0 and 4.0.0.1
-
Delphix Engine 4.0.1.0
-
Delphix Engine 4.0.2.0
-
Delphix Engine 4.0.3.0
-
Delphix Engine 4.0.4.0
-
Delphix Engine 4.0.5.0
-
Delphix Engine 4.0.6.0 and 4.0.6.1
-
Delphix Engine 4.1.0.0
-
Delphix Engine 4.1.1.0
-
Delphix Engine 4.1.2.0
-
Delphix Engine 4.1.3.0, 4.1.3.1 and 4.1.3.2
-
Delphix Engine 4.1.4.0
-
Delphix Engine 4.1.5.0
-
Delphix Engine 4.1.6.0
-
Delphix Engine 4.2.0.0 and 4.2.0.3
-
Delphix Engine 4.2.1.0 and 4.2.1.1
-
Delphix Engine 4.2.2.0 and 4.2.2.1
-
Delphix Engine 4.2.3.0
-
Delphix Engine 4.2.4.0
-
Delphix Engine 4.2.5.0 and 4.2.5.1
-
Delphix Engine 4.3.1.0
-
Delphix Engine 4.3.2.0 and 4.3.2.1
-
Delphix Engine 4.3.3.0
-
Delphix Engine 4.3.4.0 and 4.3.4.1
-
Delphix Engine 4.3.5.0
-
Delphix Engine 5.0.1.0 and 5.0.1.1
-
Delphix Engine 5.0.2.0 and 5.0.2.1, 5.0.2.2 and 5.0.2.3
-
Delphix Engine 5.0.3.0 and 5.0.3.1
-
Delphix Engine 5.0.4.0 and 5.0.4.1
-
Delphix Engine 5.0.5.0, 5.0.5.1, 5.0.5.2, 5.0.5.3, and 5.0.5.4
-
Delphix Engine 5.1.0.0
-
Delphix Engine 5.1.1.0
-
Delphix Engine 5.1.2.0
-
Delphix Engine 5.1.3.0
-
Delphix Engine 5.1.4.0
-
Delphix Engine 5.1.5.0 and 5.1.5.1
-
Delphix Engine 5.1.6.0
Resolution
This vulnerability is addressed in the Delphix 5.0.5.5 and 5.1.7.0 releases.
Additional Information
Exploits of the vulnerability depend on the ability to overwrite memory that will subsequently be used or executed by random or maliciously-created software. On many systems, the way memory is allocated allows for easy prediction to facilitate such attacks. On the Delphix system, the memory allocation scheme makes memory allocation extremely difficult to predict and consequently makes such attacks far more difficult.
Delphix has performed extensive penetration testing using both known exploits as well as variations of these exploits specifically targeting Delphix. Attempts to otherwise compromise the Delphix system have been unsuccessful.
For more information on this issue the external links in Related Articles.