Skip to main content
Delphix

CVE-2017-3623 "Ebbisland" Vulnerability (TB040)

Alert Type

Security

Impact

On 10 April 2017, a purported archive of NSA exploits was widely distributed on the Internet. The archive contains numerous exploits, including some targeted at applications and system services using the Remote Procedure Call (RPC) protocol. The root cause of the RPC exploits is a buffer overflow in library code used by RPC applications and services.

Known exploits of the vulnerability have resulted in unrestricted privileged (superuser) access on other systems. These same exploits are ineffective on the Delphix Engine because they depend on system services not used by Delphix.

Attempts to exploit the vulnerability on Delphix may result in the failure of some Delphix services. However, these services are monitored and restarted automatically. Momentary disruption of administrative and data services is possible.

The overall impact of the vulnerability on Delphix is low to medium.

Contributing Factors

The vulnerability affects the following Delphix Releases:

  • Delphix Engine 2.6

  • Delphix Engine 2.7.0.0

  • Delphix Engine 2.7.1.0, 2.7.1.1, and 2.7.1.2

  • Delphix Engine 2.7.2.0

  • Delphix Engine 2.7.3.0 and 2.7.3.1

  • Delphix Engine 2.7.4.0

  • Delphix Engine 2.7.5.0

  • Delphix Engine 2.7.6.0

  • Delphix Engine 3.0.0.3 and 3.0.0.4

  • Delphix Engine 3.0.1.0, 3.0.1.2, and 3.0.1.3

  • Delphix Engine 3.0.2.0 and 3.0.2.1

  • Delphix Engine 3.0.3.0 and 3.0.3.1

  • Delphix Engine 3.0.4.0

  • Delphix Engine 3.0.5.0

  • Delphix Engine 3.1.0.1

  • Delphix Engine 3.1.1.0

  • Delphix Engine 3.1.2.0 and 3.1.2.1

  • Delphix Engine 3.1.3.0, 3.1.3.1, and 3.1.3.2

  • Delphix Engine 3.1.4.0

  • Delphix Engine 3.1.5.0

  • Delphix Engine 3.2.0.0

  • Delphix Engine 3.2.1.0

  • Delphix Engine 3.2.2.0 and 3.2.2.1

  • Delphix Engine 3.2.3.0 and 3.2.3.1

  • Delphix Engine 3.2.4.0, 3.2.4.1, and 3.2.4.2

  • Delphix Engine 3.2.5.0 and 3.2.5.1

  • Delphix Engine 3.2.6.0

  • Delphix Engine 3.2.7.0

  • Delphix Engine 4.0.0.0 and 4.0.0.1

  • Delphix Engine 4.0.1.0

  • Delphix Engine 4.0.2.0

  • Delphix Engine 4.0.3.0

  • Delphix Engine 4.0.4.0

  • Delphix Engine 4.0.5.0

  • Delphix Engine 4.0.6.0 and 4.0.6.1

  • Delphix Engine 4.1.0.0

  • Delphix Engine 4.1.1.0

  • Delphix Engine 4.1.2.0

  • Delphix Engine 4.1.3.0, 4.1.3.1 and 4.1.3.2

  • Delphix Engine 4.1.4.0

  • Delphix Engine 4.1.5.0

  • Delphix Engine 4.1.6.0

  • Delphix Engine 4.2.0.0 and 4.2.0.3

  • Delphix Engine 4.2.1.0 and 4.2.1.1

  • Delphix Engine 4.2.2.0 and 4.2.2.1

  • Delphix Engine 4.2.3.0

  • Delphix Engine 4.2.4.0

  • Delphix Engine 4.2.5.0 and 4.2.5.1

  • Delphix Engine 4.3.1.0

  • Delphix Engine 4.3.2.0 and 4.3.2.1

  • Delphix Engine 4.3.3.0

  • Delphix Engine 4.3.4.0 and 4.3.4.1

  • Delphix Engine 4.3.5.0

  • Delphix Engine 5.0.1.0 and 5.0.1.1

  • Delphix Engine 5.0.2.0 and 5.0.2.1, 5.0.2.2 and 5.0.2.3

  • Delphix Engine 5.0.3.0 and 5.0.3.1

  • Delphix Engine 5.0.4.0 and 5.0.4.1

  • Delphix Engine 5.0.5.0, 5.0.5.1, 5.0.5.2, 5.0.5.3, and 5.0.5.4

  • Delphix Engine 5.1.0.0

  • Delphix Engine 5.1.1.0

  • Delphix Engine 5.1.2.0

  • Delphix Engine 5.1.3.0

  • Delphix Engine 5.1.4.0

  • Delphix Engine 5.1.5.0 and 5.1.5.1

  • Delphix Engine 5.1.6.0

Symptoms

None

Relief/Workaround

None

Resolution

This vulnerability will be fully addressed in a future Delphix release.


Additional Information 

 

Exploits of the vulnerability depend on the ability to overwrite memory that will subsequently be used or executed by random or maliciously-created software. On many systems, the way memory is allocated allows for easy prediction to facilitate such attacks. On the Delphix system, the memory allocation scheme makes memory allocation extremely difficult to predict and consequently makes such attacks far more difficult.

Delphix has performed extensive penetration testing using both known exploits as well as variations of these exploits specifically targeting Delphix. Attempts to otherwise compromise the Delphix system have been unsuccessful.

 

For more information on this issue, please see the following references:

  • Was this article helpful?