Security Advisories

FSC-2015-1: Notice on "GHOST" glibc gethostbyname() vulnerability

Description

GHOST is a heap-based buffer overflow vulnerability in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls.

Affected Products

Risk Level (Low/Medium/High/Critical): Critical

Products

  • F-Secure Messaging Security Gateway 7.0.2 - 7.5.0
  • F-Secure Protection Service for Email 7.0.2 - 7.5.0
  • F-Secure Internet Gatekeeper Virtual Appliance (IGK VA) 4.11 & 5.20
  • F-Secure Scanning Reputation Server Virtual Appliance (SRS VA) 11.00

Platforms

Risk Level (Low/Medium/High/Critical): Critical

  • Linux

More Information

GHOST is a critical vulnerability in the glibc gethostbyname() and gethostbyname2() function calls which allows a local or remote attacker to execute arbitrary code with the permissions of the user running the affected application. The vulnerability affects glibc version 2.2 and other 2.x versions before 2.18. The identifier CVE-2015-0235 has been assigned for this issue.
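As an added example (not part of this advisory), the following POSIX shell script classifies a glibc version string against the affected range stated above (2.2 <= version < 2.18) and reports on the running system; the ghost_version_affected, installed_glibc_version and ghost_report function names and the --check flag are assumptions of this example. Distributions backport the CVE-2015-0235 fix without changing the version number, so an "in range" result means the vendor's errata must be checked, not that the system is confirmed vulnerable.

```shell
#!/bin/sh
# Added example, not part of the F-Secure advisory: a defender-side check that
# classifies a glibc version string against the affected range given above
# (2.2 <= version < 2.18) and reports on the running system.
# Caveat: vendors backport the CVE-2015-0235 fix without bumping the version
# (a patched 2.12 still reports 2.12), so "in range" means "check your
# vendor's errata", not "confirmed vulnerable".

# Usage: ghost_version_affected VERSION  -> exit 0 if in the affected range.
# Accepts plain "2.17" as well as packaged strings such as "2.12-1.149.el6"
# (constructed sample value).
ghost_version_affected() {
    major=$(printf '%s' "$1" | cut -s -d. -f1)
    minor=$(printf '%s' "$1" | cut -s -d. -f2)
    minor=${minor%%[!0-9]*}          # drop suffixes such as "-1.149.el6"
    [ -n "$major" ] && [ -n "$minor" ] || return 1
    [ "$major" = 2 ] || return 1
    if [ "$minor" -ge 2 ] && [ "$minor" -lt 18 ]; then
        return 0
    fi
    return 1
}

# Read the running system's glibc version: getconf is POSIX and prints
# "glibc X.Y" on glibc systems; fall back to the last word of ldd's first line.
installed_glibc_version() {
    v=$(getconf GNU_LIBC_VERSION 2>/dev/null | awk '{print $2}')
    if [ -z "$v" ]; then
        v=$(ldd --version 2>/dev/null | awk 'NR == 1 {print $NF}')
    fi
    printf '%s\n' "$v"
}

# Human-readable verdict for the local system.
ghost_report() {
    v=$(installed_glibc_version)
    if [ -z "$v" ]; then
        echo "could not determine the glibc version (non-glibc system?)"
    elif ghost_version_affected "$v"; then
        echo "glibc $v is in the GHOST-affected range: confirm the CVE-2015-0235 fix via your vendor's errata"
    else
        echo "glibc $v is outside the GHOST-affected range"
    fi
}

# Run the report only when invoked with --check, so the file can also be
# sourced for its functions.
if [ "${1:-}" = "--check" ]; then
    ghost_report
fi
```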

This advisory will be updated as more information becomes available.

Note: Products and platforms not listed in this advisory are NOT affected by GHOST.

Fix Available

Affected and Patched

The following products / platforms are affected and are already patched.

Product/Platform | Requires User Action? (Y/N) | Remarks

F-SECURE MESSAGING SECURITY GATEWAY 7.0.2 - 7.5.0 | Y
  1. Verify that the patch has been installed in the appliance.
  2. Patch to verify, by version:
     MSG 7.0.2 – Patch 2200
     MSG 7.1.0 – Patch 2201
     MSG 7.2.0 – Patch 2202
     MSG 7.5.0 – Patch 2203

F-SECURE PROTECTION SERVICE FOR EMAIL 7.0.2 - 7.5.0 | Y
  1. Verify that the patch has been installed in the appliance.
  2. Patch to verify, by version:
     PSE 7.0.2 – Patch 2200
     PSE 7.1.0 – Patch 2201
     PSE 7.2.0 – Patch 2202
     PSE 7.5.0 – Patch 2203

F-SECURE INTERNET GATEKEEPER VIRTUAL APPLIANCE (IGK VA) 4.11 | Y
  1. Upgrade to F-Secure Internet Gatekeeper Virtual Appliance (IGK VA) 5.20.

F-SECURE INTERNET GATEKEEPER VIRTUAL APPLIANCE (IGK VA) 5.20 | Y
  1. Download and re-install the latest version of the appliance.
  2. Verify the latest appliance version by opening the management console and checking the full version shown in the login screen:
     - IGK VA: 5.20.646.13

F-SECURE SCANNING REPUTATION SERVER VIRTUAL APPLIANCE (SRS VA) 11.00 | Y
  1. Download and re-install the latest version of the appliance.
  2. Verify the latest appliance version by opening the management console and checking the full version shown in the login screen:
     - SRS ESXi: 11.00.556.166
     - SRS Hyper-V: 11.00.556.24
     - SRS XenServer: 11.00.556.76


NOT Affected, Requires User Action

The following products are not affected, but require user action.

Product/Platform | Remarks

F-SECURE LINUX SECURITY
  1. F-Secure Linux Security depends on the glibc provided by the Operating System.
  2. Countermeasure: Update glibc when the update is made available through the Operating System update channel.

F-SECURE INTERNET GATEKEEPER
  1. F-Secure Internet Gatekeeper depends on the glibc provided by the Operating System.
  2. Countermeasure: Update glibc when the update is made available through the Operating System update channel.


Advisory history

Date Changes
9 February 2015

 - Updated the update instructions for IGK VA 5.20 and SRS VA 11.00.
 - Added IGK VA 4.11 to the list of affected products and its update instructions.

5 February 2015 First advisory published.


Date Issued: 2015-02-05
Date Updated: 2015-02-09