(VU#967332, CVE-2015-0235)
Last Updated: February 6, 2015
The GNU C Library (glibc) contains a heap buffer overflow vulnerability that may allow an attacker to remotely execute arbitrary code. This vulnerability has been assigned CVE-2015-0235 and is commonly referred to as "GHOST".
January 27, 2015
A buffer overflow vulnerability in the __nss_hostname_digits_dots() function of glibc was disclosed to the public by Qualys.
Security updates for the glibc vulnerability (CVE-2015-0235) have been released for most major Linux distributions.
CVE-2015-0235: glibc Remote Heap Buffer Overflow Vulnerability
Base Metrics: 6.8
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality Impact: Partial
Integrity Impact: Partial
Availability Impact: Partial
Temporal Metrics: 5.0 (January 29, 2014)
Exploitability: Unproven that exploit exists
Remediation Level: Official fix
Report Confidence: Confirmed
+ All versions of glibc from glibc-2.2 (released 2010-11-10) until glibc-2.17 (released 2012-12-25)
+ Linux and UNIX distributions that use glibc
+ Hitachi Products that use glibc
By attacking a service that uses a vulnerable version of glibc, a remote, unauthenticated attacker may be able to execute arbitrary code.
This issue is addressed in glibc. The following are security updates for Linux distributions. Also, please refer to the Hitachi advisories in "5. Product Information".
+ Hitachi Server Products
- Display/Keyboard unit/Switch Console Unit
- Hitachi Server Navigator Installation Assistant
+ Hitachi Open Middleware Products
- JP1
- Cosminexus
- HiRDB
- Hitachi Command Suite
+ Hitachi Server Products
- BladeSymphony / Hitachi Compute Blade BS2500/BS2000/BS500/BS320/BS1000
CB2500/CB2000/CB500/CB320 series
- Virtage/Logical partitioning manager
(BladeSymphony/Hitachi Compute Blade BS2500/BS2000/BS500/BS320/BS1000
CB2500/CB2000/CB500/CB320 series)
- Hitachi Advanced Server HA8000 / Hitachi Compute Rack series
- Hitachi Advanced Server HA8500 series
- Hitachi Advanced Server HA8000 / Hitachi Compute Rack series
- Entry Blade Server HA8000-bd series
- HA8000-tc series
- Client Blade FLORA bd100/bd500 series
- Thin Client FLORA Se210/Se330 series
- Client Integrated Management Software (Hitachi bd Link)
- Entry class disk array model BR1200
- Tape Library
- Hitachi UPS/Management software/Hitachi UPS option, PowerMonitor H, PowerMonitor H for Network,
SNMP interface card, Disk interface card, SNMP+Disk interface card
- Hitachi Server Navigator Update Manager, Log Collect, Log Monitor, Alive Monitor, RAID Navigator
- Hitachi Fibre Channel - Path Control Manager
+ Hitachi Storage Products
- Hitachi Virtual File Platform
- Hitachi Data Ingestor
- Hitachi NAS Platform F
- Hitachi Adaptable Modular Storage 2000, BR1600 (HSNM2)
- Hitachi Unified Storage 100, BR1650 (HSNM2)
- Hitachi Tape Array (TF) (HSNM2)
- Hitachi Universal Storage Platform V/VM
- Hitachi Virtual Storage Platform
- Hitachi Virtual Storage Platform G1000
- BCM
- Hitachi Storage Related Products (FC-SW)
The issue is currently under investigation.
Masato Terada (HIRT) and Naoko Ohnishi (HIRT)