GHOST Vulnerability

You probably have heard of the GHOST vulnerability aka CVE-2015-0235. This one impact the glibc, which is running on XenServer. But is it dangerous for your hosts?

What it is all about

You can read more details on this excellent blog post. Basically, a gethostbyname() call can be triggered with any kind of DNS resolving stuff.

So, what are the attack vectors on a XenServer host?

Small attack surface

XenServer privilegied domain (dom0) is built to offer the smallest attack surface. That's also why it's a best practice to let your dom0 as is after the install.

The Citrix official statement so far is:

Analysis into the impact of this issue on XenServer is in progress. XenServer does include a vulnerable version of glibc but at present there is no known route by which a guest virtual machine would be able to invoke the vulnerable functionality through the hypervisor interface. Analysis of this is still in progress and this section will be updated when additional information is available.


I believe myself there is nothing dangerous here, but I'll keep you posted. So, what do you have to do:

Update your VMs

Hey, but don't forget to update all your guests!

RedHat and its derivatives (CentOS etc.) with:

$ yum update

Debian and co (Ubuntu etc.) with:

$ apt-get update && apt-get upgrade

Oh, and if you are using SaltStack (like me), just do a:

$ salt '*' pkg.upgrade

And all your VMs are magically updated!

You can also verify which services are using the glibc with:

$ lsof | grep libc | awk '{print $1}' | sort | uniq

Restart all these services!