
[VDS-TC]GNU glibc gethostbyname Function Buffer Overflow Vulnerability


On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced.

 

Affected Products

Cisco is currently investigating its product line to determine which products may be affected and the extent of the impact of the vulnerability on its products. Additional Cisco products will be added as the investigation progresses.

- Cisco Videoscape Distribution Suite Transparent Caching

 

Workarounds

There are currently no network-based mitigations for this vulnerability or any mitigations that can be performed directly on affected systems.

Cisco has published an Event Response for this vulnerability: http://www.cisco.com/web/about/security/intelligence/ERP_GHOST_29-Jan-2015.html

 

It seems that this vulnerability affects all Linux systems (Red Hat, CentOS, Ubuntu and so on) which have glibc 2.18 or a prior version.

So we have checked all MGMT and CEs and confirmed that all servers run glibc version 2.9, as follows.

 

 

You can use the following command on VDS-TC to check the glibc version.

root@mg-1:/home/padmin> getconf -a | grep libc

--------

this is mg-1

GNU_LIBC_VERSION                   glibc 2.9

this is ce-1

GNU_LIBC_VERSION                   glibc 2.9

this is ce-2

GNU_LIBC_VERSION                   glibc 2.9

this is ce-3

GNU_LIBC_VERSION                   glibc 2.9
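
Building on the `getconf` check above, here is an added example (not part of the original post or of Cisco's tooling) that parses the `GNU_LIBC_VERSION` line and compares it numerically against the bound the post states, since a string or decimal comparison would wrongly rank 2.9 above 2.18. The function names, the lab-1 and lab-2 hosts and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original post. Function names, the lab-* hosts
# and the sample lines are constructed for illustration.

# Upper bound as stated in the post ("glibc 2.18 or prior"); replace it with
# the value from your vendor advisory. Distribution packages can carry
# backported fixes, so treat the verdict as a triage hint only.
GHOST_BOUND=2.18

# Print MAJOR.MINOR from a "GNU_LIBC_VERSION   glibc 2.9" line, else nothing.
glibc_version_from() {
    printf '%s\n' "$1" | sed -n \
        's/^GNU_LIBC_VERSION[[:space:]]*glibc[[:space:]]*\([0-9][0-9]*\.[0-9][0-9]*\).*$/\1/p'
}

# Return 0 when version $1 <= version $2, comparing major and minor as
# integers. A string or decimal compare would rank 2.9 above 2.18.
version_le() {
    a_major=${1%%.*}; a_rest=${1#*.}; a_minor=${a_rest%%.*}
    b_major=${2%%.*}; b_rest=${2#*.}; b_minor=${b_rest%%.*}
    [ "$a_major" -lt "$b_major" ] && return 0
    [ "$a_major" -gt "$b_major" ] && return 1
    [ "$a_minor" -le "$b_minor" ]
}

# Print "<host> <version> <verdict>" for a host label and one getconf line.
classify() {
    v=$(glibc_version_from "$2")
    if [ -z "$v" ]; then
        echo "$1 unknown no-version-found"
    elif version_le "$v" "$GHOST_BOUND"; then
        echo "$1 $v in-affected-range"
    else
        echo "$1 $v above-bound"
    fi
}

# Constructed sample input: two lines as shown in the post, one newer host,
# and one line that carries no glibc version.
report() {
    classify mg-1  'GNU_LIBC_VERSION                   glibc 2.9'
    classify ce-1  'GNU_LIBC_VERSION                   glibc 2.9'
    classify lab-1 'GNU_LIBC_VERSION                   glibc 2.19'
    classify lab-2 'PATH                               /bin:/usr/bin'
}
report
```

On a live host, pass `"$(getconf -a | grep '^GNU_LIBC_VERSION')"` as the second argument to `classify`.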

 

 

 

 

Please refer to the following URL for details.

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost?vs_f=Ci...

 

 

This issue has already been escalated to BU and PA, and we are waiting for the reply.

Here is the latest update from PA.

PA has agreed with the VDS-TC management team that a fix for this vulnerability will be available in release 6.0, which is planned to be released in Q3/2015.
In release 6.0, the product will run on the CentOS platform (instead of openSUSE as today) and the glibc library in use will have a fix for the glibc GHOST issue.

 
