VMware Cloud Community
Bockleson
Contributor
Contributor
‎01-28-2016 04:08 AM

Is vRealize Operations Manager Appliance Version 6.0.2 open to the Grub2 Authentication Bypass 0-Day vulnerability, please?

Would anyone be so kind as to advise me whether vRealize Operations Manager Appliance - 10.25.4.180 Version 6.0.2.2777062 Build 275985 is open to the Grub2 Authentication Bypass 0-Day vulnerability, please?

Here is the link from the CVE site:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-8370

I ask, as I am aware that the Guest OS build for the appliance is SUSE Enterprise Linux 11

Thanks in advance for any advice / feedback or insight...

0 Kudos
2 Replies
mark_j
Virtuoso
Virtuoso
‎01-28-2016 10:54 AM

The vuln impacts GRUB version 1.98 to 2.02. I'm not running vROps v6.0.2 anymore and can't look myself, but you should be able to check what GRUB version the v6.0.2 appliance is running (should be pretty quick to check) to see if the CVE is even applicable. Mind you, v6.0.2 is from mid 2015, and these are the types of things we patch as we do our updates to newer versions. The easiest way to stay on top of these things is to stay current with our product version, which also include OS-level updates.

If you find this or any other answer useful please mark the answer as correct or helpful.
0 Kudos
Bockleson
Contributor
Contributor
‎01-29-2016 05:59 AM

Thank you for your assistance with this, it's certainly appreciated

0 Kudos