Security Advisories

FSC-2015-1: Notice on "GHOST" glibc gethostbyname() vulnerability

Description

GHOST is a heap-based buffer overflow vulnerability in glibc's __nss_hostname_digits_dots() function, which is called by the gethostbyname() and gethostbyname2() glibc functions.

Affected Products

  • Risk Level (Low/Medium/High/Critical): Critical

Corporate Products:

  • F-Secure Messaging Security Gateway 7.0.2 - 7.5.0
  • F-Secure Protection Service for Email 7.0.2 - 7.5.0
  • F-Secure Internet Gatekeeper Virtual Appliance (IGK VA) 4.11 & 5.20
  • F-Secure Scanning Reputation Server Virtual Appliance (SRS VA) 11.00

Platforms

  • Risk Level (Low/Medium/High/Critical): Critical
  • Linux

More Information

GHOST is a critical vulnerability in the glibc gethostbyname() and gethostbyname2() function calls that allows a local or remote attacker to execute arbitrary code with the permissions of the user running the affected application. The vulnerability affects glibc version 2.2 and other 2.x versions before 2.18. The identifier CVE-2015-0235 has been assigned to this issue.

This advisory will be updated as more information becomes available.

Note: Products and platforms not listed in this advisory are NOT affected by GHOST.

Fix Available

Affected and Patched

The following products/platforms are affected and are already patched.

Product: F-Secure Messaging Security Gateway 7.0.2 - 7.5.0
Requires User Action? Yes
Remarks: Verify that the patch has been installed in the appliance.
  • MSG 7.0.2 – Patch 2200
  • MSG 7.1.0 – Patch 2201
  • MSG 7.2.0 – Patch 2202
  • MSG 7.5.0 – Patch 2203

Product: F-Secure Protection Service for Email 7.0.2 - 7.5.0
Requires User Action? Yes
Remarks: Verify that the patch has been installed in the appliance.
  • PSE 7.0.2 – Patch 2200
  • PSE 7.1.0 – Patch 2201
  • PSE 7.2.0 – Patch 2202
  • PSE 7.5.0 – Patch 2203

Product: F-Secure Internet Gatekeeper Virtual Appliance (IGK VA) 4.11
Requires User Action? Yes
Remarks: Upgrade to F-Secure Internet Gatekeeper Virtual Appliance (IGK VA) 5.20.

Product: F-Secure Internet Gatekeeper Virtual Appliance (IGK VA) 5.20
Requires User Action? Yes
Remarks:
  1. Download and re-install the latest version of the appliance.
  2. Verify the latest appliance version by opening the management console and checking the full version shown in the login screen:
     IGK VA: 5.20.646.13

Product: F-Secure Scanning Reputation Server Virtual Appliance (SRS VA) 11.00
Requires User Action? Yes
Remarks:
  1. Download and re-install the latest version of the appliance.
  2. Verify the latest appliance version by opening the management console and checking the full version shown in the login screen:
     SRS ESXi: 11.00.556.166
     SRS Hyper-V: 11.00.556.24
     SRS XenServer: 11.00.556.76

Not Affected, Requires User Action

The following products/platforms are not affected, but require user action.

Product: F-Secure Linux Security
Remarks: F-Secure Linux Security depends on the glibc provided by the Operating System.
Countermeasure: Update glibc when the update is made available through the Operating System update channel.

Product: F-Secure Internet Gatekeeper
Remarks: F-Secure Internet Gatekeeper depends on the glibc provided by the Operating System.
Countermeasure: Update glibc when the update is made available through the Operating System update channel.
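The countermeasure above, and the affected range given under More Information, both depend on knowing which glibc a host actually runs. The following POSIX shell script is an added example for that check; it is not part of the F-Secure advisory or of any F-Secure product. It reads the loaded glibc version with getconf GNU_LIBC_VERSION (falling back to ldd --version) and classifies it against the range the advisory states, 2.2 up to but not including 2.18. The function names ghost_version_status and installed_glibc_version are the example's own. Distribution vendors routinely backport the CVE-2015-0235 fix without changing the version number, so an "affected" result means the package changelog must be consulted, not that the host is confirmed vulnerable.

```shell
#!/bin/sh
# Added example (not part of the F-Secure advisory): classify the installed
# glibc against the CVE-2015-0235 version range (2.2 <= version < 2.18).
# Backported distribution fixes keep the old version number, so "affected"
# here means "verify via the vendor package changelog", not "vulnerable".

# Print "affected", "not-affected" or "unknown" for a version string such as
# "2.17", "2.2.5" or "2.17-ubuntu". Exit status: 0 affected, 1 not, 2 unknown.
ghost_version_status() {
    major=$(printf '%s\n' "$1" | cut -d. -f1)
    # -s suppresses lines without a dot, so a bare "2" yields an empty minor.
    minor=$(printf '%s\n' "$1" | cut -s -d. -f2 | sed 's/[^0-9].*//')
    case "$major" in
        ''|*[!0-9]*) echo "unknown"; return 2 ;;
    esac
    case "$minor" in
        ''|*[!0-9]*) echo "unknown"; return 2 ;;
    esac
    if [ "$major" -eq 2 ] && [ "$minor" -ge 2 ] && [ "$minor" -lt 18 ]; then
        echo "affected"; return 0
    fi
    echo "not-affected"; return 1
}

# Report the version of the glibc actually loaded on this host.
installed_glibc_version() {
    if command -v getconf >/dev/null 2>&1; then
        # getconf prints e.g. "glibc 2.31"; keep only the number.
        getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}'
    else
        # ldd prints e.g. "ldd (GNU libc) 2.31" on its first line.
        ldd --version 2>/dev/null | head -n1 | awk '{print $NF}'
    fi
}

main() {
    v=$(installed_glibc_version)
    if [ -z "$v" ]; then
        echo "could not determine glibc version (non-glibc system?)"
        return 0
    fi
    status=$(ghost_version_status "$v") || true
    echo "glibc $v: $status by version range; confirm backported fixes in the package changelog"
    return 0
}

main
```

Run it on each Linux host that carries one of the products listed above; the "affected" result is a prompt to check the distribution's glibc package changelog for CVE-2015-0235 before deciding whether an update is still pending.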

Advisory Changes

Date: 9 February 2015
Changes:
  1. Updated the update instructions for IGK VA 5.20 and SRS VA 11.00.
  2. Added IGK VA 4.11 to the list of affected products and update instructions.

Date: 5 February 2015
Changes: First advisory published.

Date Issued: 2015-02-05
Date Updated: 2015-02-09