Is NET+OS vulnerable to the GHOST exploit?

Problem: This knowledgebase article addresses an exploit entitled GHOST. Officially it is known as CVE-2015-0235. The GHOST name comes from GetHOSTByName. It causes a buffer overflow in calls to
gethostbyname and gethostbyname2 in operating environments
using glibc.

Analysis: Clearly buffer overflows of any kind cause trouble. This vulnerability
causes trouble in calls to gethostbyname and gethostbyname2.
Fortunately, NET+OS does not use or ship glibc and thus is not
vulnerable to the GHOST (CVE-2015-0235) exploit.

Solution: No action is required by the customer as NET+OS is not
vulnerable to CVE-2015-0235.  




Citations:

GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235).
Copyright 2003 - 2013 Trustwave.
http://blog.spiderlabs.com/2015/01/ghost-gethostbyname-heap-overflow-in-glibc-cve-2015-0235.html

GHOST: glibc vulnerability (CVE-2015-0235).
Copyright 2015 Red Hat Inc.
https://access.redhat.com/articles/1332213

Last updated: Oct 21, 2024

Recently Viewed

No recently viewed articles

Did you find this article helpful?