GHOST in the machine – CVE-2015-0235

On January 27, 2015 Qualys announced CVE-2015-0235 ("GHOST"), a heap-based buffer overflow in the GNU C library (glibc), and showed that it can be exploited remotely; their proof-of-concept exploit targets the Exim mail server.

Because it is a vulnerability in glibc, the library that almost all Linux software is linked against, it is going to be a widespread issue.  The bug is present in glibc 2.2 through 2.17; it was fixed in glibc 2.18 (May 2013), but the fix was not recognized as a security fix at the time, so long-term-support distributions kept shipping vulnerable versions.  It's very early on, so products are still being investigated to see whether they use a vulnerable version of glibc.

You’re likely to see all kinds of products listed as affected because glibc is bundled in so much software.  However, the vulnerability is only reachable through gethostbyname() and gethostbyname2() (and their _r variants), which have been deprecated in favour of getaddrinfo() for some time now; getaddrinfo() does not pass through the vulnerable code.  Even a program that still calls gethostbyname() is only exposed when the hostname it passes is attacker-controlled, consists only of digits and dots (so that it takes the numeric-address path rather than a DNS lookup), and is long enough to overflow the buffer (roughly 1 KB); the overflow itself is limited to sizeof(char *) bytes, 4 on 32-bit and 8 on 64-bit.  So while you’re going to see a lot of products shown as affected (because of glibc inclusion), far fewer should actually be exploitable.
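
As an added example (not code from the original post, from Cisco or from Qualys), here is a local probe in C that follows the approach Qualys's advisory used: call gethostbyname_r() with a caller-supplied buffer sized so that the unpatched accounting just fits, and see whether the copy runs into a canary placed directly behind the buffer. It also includes a small helper that tells you whether a given hostname even satisfies the digits-and-dots pre-checks. The function names (ghost_*), the canary text and the 1024-byte buffer size are this example's own choices. Build with `gcc ghost_probe.c -o ghost_probe` and run it on the host in question.

```c
/* Local probe for CVE-2015-0235 (GHOST), modelled on the test approach in the
 * Qualys advisory. Added example: not code from the original post, from Cisco
 * or from Qualys. The ghost_* names, the canary text and PROBE_BUFLEN are
 * choices made for this example. */
#ifndef _GNU_SOURCE
#define _GNU_SOURCE            /* gethostbyname_r() is a GNU/BSD extension */
#endif
#include <ctype.h>
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

/* Explicit prototype so the call still compiles if a strict -std= flag hid the
 * extension declaration in <netdb.h>; same signature as glibc's, minus qualifiers. */
int gethostbyname_r(const char *name, struct hostent *ret, char *buf,
                    size_t buflen, struct hostent **result, int *h_errnop);

#define CANARY "in_the_coal_mine"
#define PROBE_BUFLEN 1024

/* The canary sits directly behind the result buffer, so a strcpy() that runs
 * sizeof(char *) bytes past the end of the buffer overwrites its first bytes. */
static struct {
    char buffer[PROBE_BUFLEN];
    char canary[sizeof(CANARY)];
} probe_area;

/* Does a hostname satisfy the pre-checks that route gethostbyname() into the
 * digits-and-dots fast path? For the IPv4 form that means: a leading digit,
 * only digits and dots, and no trailing dot. Short names reach the path but
 * cannot overflow; the copy only runs past the buffer once the name is long
 * enough to fill it (about 1 KB). */
int ghost_path_reachable(const char *name)
{
    size_t i, n = strlen(name);

    if (n == 0 || !isdigit((unsigned char)name[0]) || name[n - 1] == '.')
        return 0;
    for (i = 0; i < n; i++)
        if (!isdigit((unsigned char)name[i]) && name[i] != '.')
            return 0;
    return 1;
}

/* Name length that exactly fills buflen by the *unfixed* accounting:
 * 16 bytes of address storage + two char * address-list slots + name + NUL.
 * The fixed code also counts the h_aliases terminator (one more char *),
 * which is why a patched glibc answers ERANGE for this length. */
size_t ghost_name_len(size_t buflen)
{
    return buflen - 16 - 2 * sizeof(char *) - 1;
}

/* 1 = vulnerable (canary clobbered), 0 = patched (ERANGE, canary intact),
 * -1 = inconclusive (not glibc, or an unexpected return code). */
int ghost_probe(void)
{
#ifndef __GLIBC__
    return -1;   /* the bug is in glibc's NSS code; other libcs are out of scope */
#else
    struct hostent resbuf, *result = NULL;
    int herrno = 0, rc;
    char name[PROBE_BUFLEN];
    size_t len = ghost_name_len(PROBE_BUFLEN);

    /* All zeros: passes ghost_path_reachable() and is accepted by inet_aton(),
     * so the lookup is resolved locally and never touches DNS or the network. */
    memset(name, '0', len);
    name[len] = '\0';

    memset(probe_area.buffer, 0, sizeof(probe_area.buffer));
    memcpy(probe_area.canary, CANARY, sizeof(CANARY));

    rc = gethostbyname_r(name, &resbuf, probe_area.buffer,
                         sizeof(probe_area.buffer), &result, &herrno);

    if (memcmp(probe_area.canary, CANARY, sizeof(CANARY)) != 0)
        return 1;            /* the copy ran past the buffer: unpatched glibc */
    if (rc == ERANGE)
        return 0;            /* the fixed size check refused the call */
    return -1;
#endif
}

int main(void)
{
    int v = ghost_probe();
    puts(v == 1 ? "vulnerable" : v == 0 ? "not vulnerable" : "inconclusive");
    return v == 1 ? 2 : v == 0 ? 0 : 1;
}
```

A patched glibc refuses the call with ERANGE because it now counts the extra char * (the h_aliases terminator) that the old accounting forgot, so the canary survives; an unpatched one copies sizeof(char *) bytes into it. The probe reports -1 rather than guessing on libcs other than glibc, or if gethostbyname_r() answers anything other than ERANGE. The probe only tells you about the glibc on the box; whether a given product is exploitable still depends on it passing attacker-controlled, numeric-looking names of that length into gethostbyname().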

Here’s the Security Advisory – http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

Watch that page for updates, as it will take time for all products to be evaluated; most are still under evaluation.  It currently lists Cisco Unified Communications Manager (CUCM), Cisco TelePresence Video Communication Server (VCS) X8.1 and older, and others as vulnerable.

And more info here – http://tools.cisco.com/security/center/viewAlert.x?alertId=37181

And a blog entry from Cisco Talos explaining why it isn’t really as bad as we might think –  http://blogs.cisco.com/security/talos/ghost-glibc