Advisory: Glibc Vulnerability

A buffer overflow vulnerability in the glibc gethostbyname() function was publicly announced on January 27, 2015. The issue is identified by CVE-2015-0235 and was given the name “Ghost.” The ANTlabs Engineering Team started investigating this issue immediately.

This vulnerability is related to the various gethostbyname functions included in glibc and affect applications that call these functions. This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited.

• The issue exists within the __nss_hostname_digits_dots() function, which is used by the gethostbyname() or gethostbyname2() functions.
• Exploitation of the vulnerability can lead to remote code execution (RCE). This provides an attacker the capability to run code of their choosing on the affected machine.

While some ANTlabs products do ship with the vulnerable versions of glibc, based on our current analysis, ANTlabs products are not affected by this issue. This conclusion is based on not finding a method to pass untrusted input to the vulnerable glibc function in any ANTlabs product.

ANTlabs products that ship with vulnerable versions of glibc will be updated in upcoming releases in accordance with standard software update policy.