Get a Demo Menu
Filters

Security Advisory:
Meltdown and Spectre

Recently revealed security vulnerabilities found in microprocessors from Intel and AMD allow various kind of attacks on the Kernel memory from user-context. More details can be found in the technical and news websites, for example here.

Resolving the issues requires implementing operating system Kernel patches.

For CTERA products, the affected operating system is Linux. Relevant Linux patches have been made available by the Linux community. In some situations, systems using these patches may experience some performance degradation.

Affected CTERA Products

  • CTERA Physical Cloud Storage Gateways: models C400, C800, C800+, HC1200 – these gateways utilize Intel x86 microprocessors.
  • CTERA Virtual Cloud Storage Gateways: these gateways run as virtual machines within a virtualization environment typically utilizing Intel microprocessors.
  • CTERA Portal: the Portal servers run as virtual machines within a virtualization environment typically utilizing Intel microprocessors.

CTERA assesses the immediate risk of this vulnerability for CTERA customers as LOW due to the following mitigating factors:

  • This is a local privilege escalation bug; therefore, it requires the attacker to be logged into the machine, or to already have the ability to execute arbitrary code on the machine through other vulnerabilities.
  • Since the CTERA appliance does not allow user logins, the vulnerability is not directly exploitable.
  • Since CTERA Portal allows only highly privileged users to login via SSH, the vulnerability is not directly exploitable, because privileges cannot be escalated further.

Remediation Plan

CTERA provides new Portal images and new gateway firmware, which should be applied using the regular upgrade methods of the CTERA products. CTERA Service Delivery and Customer Support departments will assist customers in this process.

Confirmed delivery schedule

The CTERA Portal and Cloud Storage Gateways fix versions are now available.
For any additional questions or assistance, feel free to contact us through the CTERA Support Portal.

Skip to content