GHOST in the machine – CVE-2015-0235

On January 27, 2015 Qualys announced a remote exploit utilizing functions that are part of the GNU C library.

Because it is a vulnerability in glibc, it is going to be a widespread issue.   It’s very early on so products are being investigated to see if they use the vulnerable version of glibc.

You’re likely to see all kinds of products affected because of the widespread inclusion of glibc functions in code.  However, the vulnerability relies on the gethosebyname() function which has been deprecated for sometime now, so while you’re going to see a lot of products shown as affected (because of glibc inclusion), not many should be vulnerable (unless they use the vulnerable function).

Here’s the Security Advisory – http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost

Watch that page for updates as it will take time for all products to be evaluated.  Most products are still being evaluated.  It currently lists CUCM, VCS (X8.1 and older) and others as vulnerable.

And more info here – http://tools.cisco.com/security/center/viewAlert.x?alertId=37181

And a blog entry explaining why it isn’t really as bad as we might think –  http://blogs.cisco.com/security/talos/ghost-glibc

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s