Security Advisory: Ghost Vulnerability
Tech Tip: As a reminder, in order to maintain the highest level of security and functionality of your systems, it is good practice to stay current on all operating system and application updates and patches.
Today's Advisory: For UNIX/LINUX users, please see the critical update below regarding the GHOST vulnerability.
The release of CVE-2015-0235 caught our attention. This security vulnerability, called GHOST, impacts all Unix systems using the GNU glibc package, which includes almost all flavors of Linux systems, server and desktop alike (see attached list). However, it does not impact Windows or IOS.
Red Hat has published a script (https://access.redhat.com/labs/ghost/) to check whether your system is vulnerable to GHOST. We advise checking your Linux systems with this tool. It should discover whether your system is running a version of glibc vulnerable to this threat.
Once you discover a vulnerable system, we strongly suggest you mitigate the risk with an update or a patch published by your specific vendor. A server reboot is strongly recommended after patching so that the patch takes full effect.
Our infrastructure Linux servers have all been updated with a newer glibc package. A screenshot demonstrates verification with the above-mentioned tool. Running this tool against an impacted system would show that it is vulnerable.
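Added example (not part of the advisory and not Red Hat's script): a shell script for the two checks described above, the glibc version and, after patching, which processes still run the old library and therefore need a restart or reboot. The function names are hypothetical; the affected range used is the upstream one (glibc 2.2 through 2.17, fixed in 2.18), and because vendors backport the fix without changing that number, a match only means the vendor package version must be confirmed.

```shell
#!/bin/sh
# Added example, not part of the advisory. Function names are hypothetical.

# Exit 0 if VERSION (e.g. "2.17") lies in the upstream range affected by
# CVE-2015-0235: glibc 2.2 through 2.17 (fixed upstream in 2.18).
# Exit 1 if outside that range, 2 if VERSION cannot be parsed.
glibc_in_ghost_range() {
    case $1 in *.*) ;; *) return 2 ;; esac
    major=${1%%.*}
    rest=${1#*.}
    minor=${rest%%.*}
    case $major in ''|*[!0-9]*) return 2 ;; esac
    case $minor in ''|*[!0-9]*) return 2 ;; esac
    [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -le 17 ]
}

# Print the PID of every process under PROC_ROOT (default /proc) that still
# maps a libc file replaced on disk. The kernel marks such mappings
# "(deleted)"; these processes keep running the old code until restarted.
# Run as root to see every process; unreadable entries are skipped.
stale_libc_pids() {
    root=${1:-/proc}
    for maps in "$root"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        if grep -Eq '/libc([-.][0-9.]+)?\.so(\.[0-9]+)? \(deleted\)$' "$maps" 2>/dev/null; then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

ghost_report() {
    ver=$(getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}')
    glibc_in_ghost_range "$ver" && rc=0 || rc=$?
    case $rc in
        0) echo "glibc $ver: in upstream affected range, confirm vendor package version" ;;
        1) echo "glibc $ver: outside upstream affected range (2.2 to 2.17)" ;;
        *) echo "glibc version not reported (not a glibc system?)" ;;
    esac
    stale=$(stale_libc_pids /proc | tr '\n' ' ')
    if [ -n "$stale" ]; then
        echo "still mapping a replaced libc (restart or reboot): $stale"
    else
        echo "no readable process maps a replaced libc"
    fi
}

ghost_report
```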
Known vulnerable platforms with patch/update released:
Vendor                  Status    Date Notified  Date Updated
Arch Linux              Affected  28 Jan 2015    30 Jan 2015
Blue Coat Systems       Affected  -              30 Jan 2015
Cisco Systems, Inc.     Affected  -              30 Jan 2015
Citrix                  Affected  -              30 Jan 2015
Debian GNU/Linux        Affected  28 Jan 2015    28 Jan 2015
F5 Networks, Inc.       Affected  -              30 Jan 2015
Gentoo Linux            Affected  28 Jan 2015    30 Jan 2015
Juniper Networks, Inc.  Affected  -              30 Jan 2015
NetApp                  Affected  -              30 Jan 2015
openSUSE project        Affected  28 Jan 2015    30 Jan 2015
Openwall GNU/*/Linux    Affected  28 Jan 2015    30 Jan 2015
Red Hat, Inc.           Affected  28 Jan 2015    30 Jan 2015
Slackware Linux Inc.    Affected  28 Jan 2015    28 Jan 2015
SUSE Linux              Affected  28 Jan 2015    28 Jan 2015
Ubuntu                  Affected  28 Jan 2015    28 Jan 2015
If you have any further questions, please contact the Help Desk and open a ticket for further consultation.