====== CVE-2015-0235 GHOST: glibc gethostbyname buffer overflow ====== CVE-2015-0235, is a Linux based vulnerability that was recently discovered. Imperva is treating this vulnerability with utmost importance. ===== Further Reading ===== * [[https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235]] * [[https://blog.gslin.org/archives/2015/01/29/5559/cve-2015-0235%EF%BC%9A%E8%AE%93%E4%BA%BA%E7%88%86%E7%82%B8%E7%9A%84%E3%80%8Cglibc-gethostbyname-buffer-overflow%E3%80%8D/|CVE-2015-0235:讓人爆炸的「glibc gethostbyname buffer overflow」 by Gea-Suan Lin]] * [[http://blog.longwin.com.tw/2015/01/linux-glibc-ghost-vulnerability-patch-fix-2015/|Linux Glibc GHOST 漏洞偵測、修補 CVE-2015-0235 by Tsung]] * [[https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability|Qualys: The GHOST Vulnerability]] * [[http://www.cyberciti.biz/faq/cve-2015-0235-patch-ghost-on-debian-ubuntu-fedora-centos-rhel-linux/|How To Patch and Protect Linux Server Against the Glibc GHOST Vulnerability # CVE-2015-0235]] ===== About Networking Vendors ===== * Many vendors talk about this issue. ^ Vendor ^ Vulnerable ^ Announcement ^ Announce Date ^ | A10 | Yes |[[https://www.a10networks.com/support/advisories/A10-CVE-2015-0235.pdf|A10 Security Advisories]] | 2015-01-28 | | Arbor Networks | Yes | [[https://arbor.custhelp.com/app/answers/detail/a_id/2693/|Internal Field(login required)]] | 2015-01-29 | | Arista Networks | Yes | [[http://www.arista.com/en/support/security-advisories/1053-security-advisory-9|AristaSecurity Advisory]] | 2015-01-28 | | Aruba Networks | Not responded | [[http://www.arubanetworks.com/support-services/security-bulletins/|Aruba Security Advisory]] | - | | Avaya | Yes | [[http://downloads.avaya.com/css/P8/documents/101006705|Avaya Security Advisories]] | 2015-01-28 | | BlueCoat | Yes | [[https://bto.bluecoat.com/security-advisory/sa90|BlueCoat Security Advisories]] | 2015-01-28 | | Brocade | Not Accessible| [[http://www.brocade.com/downloads/documents/technical_support_bulletins/brocade-assessment-gnu-c-library-sa.pdf|Brocade Security Advisory]] | 2015-01-29 | | Cellopoint | Not responded | [[http://www.cellopoint.com/tw/about/news/release|Cellopoint News]] | - | | CheckPoint | Yes | [[https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk104443|CheckPoint]] | 2015-01-27 | | Cisco | Ye | [[http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost|Cisco]] | 2015-01-28 | | Dlink | Not responded | | | | Enterasys (Part of Extreme) | Yes | [[http://learn.extremenetworks.com/rs/extreme/images/VN-2015-001_GHOST_CVE-2015-0235.pdf|Extreme Security Materials]] | 2015-01-29 | | Extreme Networks | Yes | [[http://learn.extremenetworks.com/rs/extreme/images/VN-2015-001_GHOST_CVE-2015-0235.pdf|Extreme Security Materials]] | 2015-01-29 | | F5 | Yes | [[https://support.f5.com/kb/en-us/solutions/public/16000/000/sol16057.html|F5 Security Advisory]] | 2015-01-27 | | FireEye | Investigating... | [[https://www.fireeye.com/content/dam/legacy/resources/pdfs/support-notices/fireeye-ghost-vulnerability-cve-2015-0235.pdf|FireEye Statement]] | 2015-01-27 | | Fortinet | Yes | [[http://www.fortiguard.com/advisory/FG-IR-15-001/|FortiGuard]] | 2015-01-28 | | iMPERVA | Yes | [[https://imperva.my.salesforce.com/articles/Reference/CVE-2015-0235| iMPERVA Security Advisory]] | 2015-01-29 | | Juniper | Investigating, so far no | [[http://kb.juniper.net/InfoCenter/index?page=content&id=TSB16618|Juniper KB]] | 2015-01-28 | | McAfee | Yes | [[https://kc.mcafee.com/corporate/index?page=content&id=SB10100|McAfee Security Bulletin]] | 2015-01-27 | | NetAxle | Not responded | [[http://www.netaxle.com.tw/|NetAxle]] | -- | | Palo Alto | Not responded | [[https://securityadvisories.paloaltonetworks.com/|Palo Alto]] | - | | Radware | Not responded | [[http://www.radware.com/Support/|Support]] | - | | Ruckus Wireless | Not responded | [[http://www.ruckuswireless.com/security|Ruckus Security]] | -- | | Silver Peak | Not responded | [[http://www.silver-peak.com/support/security-advisories|Silver Peak Security Advisory]] | - | | Sophers | Not responded | [[http://www.sophos.com/en-us/support.aspx|Sophers Support]] | - | | Sourcefire (Part of Cisco) | | Check Cisco | - | | Splunk | Yes | [[http://www.splunk.com/view/SP-CAAANVJ| Splunk Answers ]] | 2015-01-28 | | TippingPoint | Yes | [[https://tmc.tippingpoint.com/TMC/library/announcements/cve_2015_0235___ghost.pdf|PDF at TMC]] | 2015-01-30 | | VMware | Investigating... | [[http://kb.vmware.com/kb/2105862|VMware KB]] | 2015-01-29 | | Websense | Yes | [[http://www.websense.com/support/article/kbarticle/GHOST-glibc-Vulnerability|Websense ]] | 2015-01-28 | ===== Best Practices ===== * Update to latest glibc.