Looking for info on CVE-2015-0235
Hello,
I'm looking for information on CVE--2015-0235 or GNC C Library (glibc) Remote Code Execution Vulnerability.
I would like to see if the affected program is on my servers and if so is Solaris 10 effected?
Any help would be greatly appreciated.
Thanks
We don't ship glibc with Solaris
Similar Messages
-
Is AsyncOS vulnerable to New Critical GLibc Vulnerability CVE-2015-0235 (aka Ghost)
Raising for awareness in the community.
New Critical GLibc Vulnerability CVE-2015-0235 (aka GHOST)
https://isc.sans.edu/diary/New+Critical+GLibc+Vulnerability+CVE-2015-0235+%28aka+GHOST%29/19237
Raised a support case and current update is Cicso is investigating if AsynOS is vulnerable
PaulCurrently it is being reviewed and looked into:
http://tools.cisco.com/security/center/viewAlert.x?alertId=37181
Please refer to the following information, as provided from our Product Security Incident Response Team (PSIRT):
Complete information about reporting security vulnerabilities in Cisco products, obtaining assistance with security incidents, and registering to receive security information from Cisco is available on Cisco.com at:
http://www.cisco.com/web/about/security/psirt/security_vulnerability_policy.html
This web page includes instructions for press inquiries regarding Cisco Security Advisories. All Cisco Security Advisories are available at:
http://www.cisco.com/go/psirt -
CSCus68892 - N7K assess GHOST vulnerability in glibc and40;CVE-2015-0235)
The affected releases listed for this advisory state "Known Affected Releases: (4) 4.2(8), 5.2(9), 6.1(5), 6.2(10)"
Our 7Ks are running 6.1(2), does this mean that any code in the 6.1(x) release below 6.1(5) is affected? Or is it just 6.1(5) specifically and none other running 6.1(x)?
Thanks,
JimHi,
Please refer this links,
Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
https://rhn.redhat.com/errata/RHSA-2015-0090.html
Regards,
S27 -
Re: glibc GHOST vulnerability # CVE-2015-0235.
Hi,
I tried hijacking someone else's forum thread for my own issue, but a kind forum moderator branched it away to (hopefully) stand on its own merits instead of ripping attention away from that original discussion.
We have an Oracle Appliance ( OVCA ), I am trying to find patch policy of Oracle for the OVCA and OVM environments.
I read Doc 1965975.1 on MOS but this is explicit for Exalogic.
So I am not sure if I should install this patch on this appliances.
Is anyone familiar with Oracle's patch policy regarding OVCA/OVM.
Thanks in advance,
Regards,
Eelke.Oracle VM 2.2, 3.2 and 3.3 have all been patched for GHOST: linux.oracle.com | CVE-2015-0235.
I will look into why 3.3 is listed, but I've checked the repository and the updated glibc RPMs are available. However, I'm not sure what OVCA's patching policy is, so you'd need to open an SR for that. -
Glibc GHOST vulnerability # CVE-2015-0235.
Please suggest patch for glibc GHOST vulnerability # CVE-2015-0235 in Oracle Linux server.Please find below details:-
./ghost
Linux JBLDCVSNPRE01 2.6.39-400.214.6.el6uek.x86_64 #1 SMP Thu May 8 03:38:30 PDT 2014 x86_64 x86_64 x86_64 GNU/Linux
Red Hat Enterprise Linux Server release 6.5 (Santiago)
Installed glibc version(s)
- glibc-2.12-1.132.el6_5.1.x86_64: vulnerableHi,
Please refer this links,
Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
https://rhn.redhat.com/errata/RHSA-2015-0090.html
Regards,
S27 -
CSCus68798 - ISE is vulnerable to CVE-2015-0235 Linux Ghost remote code execution
First time trying to follow a specific CVE in Real-Time...
I see this CVE-2015-0235 GHOST hack is applicable to ISE and Prime Infrastructure... but I haven't seen any patch status update since yesterday.
CSA says "Obtaining Fixed Software
Cisco has released free software updates that address the vulnerability described in this advisory."
Yet, when I check the (2) products' download pages, the newest software I see is from Jan 23 and Jan 6, respectively. The exploit was published on Jan 27. So, where are the patches?The team that found the exploit, Qualys Security Advisory, documented that "the most stable and long-term-support distributions were left exposed (and still are): Debian 7 (wheezy), Red Hat Enterprise Linux 6 & 7, CentOS 6 & 7, Ubuntu 12.04, for example." See the link below for the full report:
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
I'm assuming this is affecting all versions of UC appliances running these OS's (and possibly more that aren't used in the example?). Anyone know how to determine what products are vulnerable to this? -
GHOST Security Vulnerability - CVE 2015-0235
Dear All,
I have 2 units of Xserve running on Maverick OS 10.9.5
Is the Maverick OS 10.9.5 vulnerable to GHOST CVE 2015-0235 threat?
If yes where can I download the patches?
Please advise
Thanks
IzzychunweiNo known threat to Macs at present, but will have to wait for confirmation from Apple.
Have a read here https://jamfnation.jamfsoftware.com/discussion.html?id=13156
Cheers
Pete -
CSCus68892 - N7K assess GHOST vulnerability in glibc and40;CVE-2015-0235) - 1
Wouldn't it be a workaround to disable name resolution by configuring:
no ip domain-lookupHi,
Please refer this links,
Linux GHOST vulnerability (CVE-2015-0235) is not as scary as it looks | Symantec Connect
https://rhn.redhat.com/errata/RHSA-2015-0090.html
Regards,
S27 -
Hi guys,
Does anybody know if Solaris SUNWGlib is vulnerable to GHOST (CVE-2015-0235) ? Or it's just the Linux version of glibc?
Thank you!The official statement from Oracle with regard to GHOST at this time is:
Oracle’s security and development teams are aware of the recently disclosed vulnerability, CVE-2015-0235; or ‘Ghost’.
Oracle has provided information about this issue for Linux.
The URL for the information published is http://linux.oracle.com/cve/CVE-2015-0235.html.
Please note that Solaris does not ship glibc. Other products like Solaris Cluster, Oracle Key Manager and
ZFSSA that have Solaris as the base or embedded operating system do not contain glibc either.
Regards,
Alan Hargreaves -
CVE-2015-0235 on Oracle Database Appliances
Hello,
Does anybody know if Oracle Linux Server release 5.9 2.6.39 400.126.1.el5uek is vulnerable to GHOST (CVE-2015-0235)?
Thank you!
EPAYou would need to check the version of the glibc RPMs on that box and make sure they are up-to-date. The RPMs with the fix applied are listed here: linux.oracle.com | ELSA-2015-0090 - glibc security update
-
IAS-39: looking for info
Hi.
We are looking for info regarding what type of support do SAP gives for this IAS rule.
So far we saw that this rule is supported in the Tresurey module and we are looking to avoid implementing this module.
thanx.
ayal.Hi Ayal,
you can find some information by using the SAP Service Marketplace.
If you follow this link:
https://websmp105.sap-ag.de/ias
You will be led to the IAS/ IFRS information page.
The information regarding IAS39 you will find within the media library.
Kind regards
Thomas -
Looking for info on the msi 970 gaming .
Looking at the msi gaming 970 as a GPU. I know about the ram issue. Looking for info about the card in general (persons perspective ). Like how does it overclock, cooling, bios updates, warranty and so on.
My specs
4790k-4.0
gigabyte z97 black edition MB
8gb gskill
WD valaciraptor HD
Thanks.Cooling: It has very good cooler (better than 780Ti which I own) so surely low temps (<70C with fans 35%~ )
OC: It's a gamble. One can overclock better than the other
Warranty: As far as I know, 1 year with seller and further 1 year directly with MSI
BIOS updates: it's new card so rarely any updates right now, but there are some if something is being fixed/improved.
Should work fine in your system, no bottleneck with i7 4790
Just depends if you look at reference design or Gaming series. -
Linux Ghost Vulnerability CVE-2015-0235
Just heard about this, the bug is old (discovered around 2013 I believe) but was just released as a security advisory today or yesterday.
This link shows you how to determine if your system is vulnerable, and how to patch the bug although it doesn't include how to patch on arch systems. I tested my system and it isn't vulnerable, so for the most part if you keep your system up to date it shouldn't be vulnerable either, but it doesn't hurt to check!
http://www.cyberciti.biz/faq/cve-2015-0 … hel-linux/Trilby wrote:I was about to post in this in our grr thread. Archlinux had the fixed glibc version over a year and a half ago. Those who say the sky is falling really need to stop and actually look outside once in a while (not referring to this thread - but to my university's IT "professional" who sent out the dumbest email about this to the entire university acting like it was the end of the world).
On Google+, there's a guy (who I won't name) going around promoting his article about this security vulnerability, which incidentally written in such a way that mother said "so, all Linux devices, including Android phones, are affected, right?". Same guy seems to write articles monthly about how Linux is dying on the Desktop Computer...
On that note, I wonder whether we need to keep this thread open before it turns into a GRR-fest. -
Looking for Info on MSI G31M3-F
I'm looking for anyone who's using a G31M3-F. It seems like a great budget board for someone who wants to reused DDR2 mem and a Pent. D processor, but there's virtually no info on it. Is it good for OC? How long has it been out? I can only find 4 reviews from newegg. I don't do a lot of gaming but do place WoW from time to time. The X3100 should handle that just fine.
The one question I have is that I've heard that if you ever plan to put a descrete video card into a Mobo, you should never get one with an IGP. Is there any truth to that?Hello LoopFree,
Quote
but there's virtually no info on it.
What kind of info are you looking for? For board specifications and processor & memory support information you can look at the product site(s):
G31M3-F
--> http://global.msi.eu/index.php?func=proddesc&maincat_no=1&cat2_no=170&prod_no=1470
G31M3-F (FSB 1600)
--> http://global.msi.eu/index.php?func=proddesc&maincat_no=1&cat2_no=170&prod_no=1590
G31M3-F V2 (3 Audio Ports)
--> http://global.msi.eu/index.php?func=proddesc&maincat_no=1&cat2_no=170&prod_no=1573
G31M3-F V2 (6 Audio Ports)
http://global.msi.eu/index.php?func=proddesc&maincat_no=1&cat2_no=170&prod_no=1574
Note that not all Pentium D models are supported on all G31M3-F boards and that you will need DDR2-667 or DDR2-800 modules. DDR2-533 (and lower) modules are not supported.
Quote
How long has it been out?
Not sure, first or second quarter of 2008 if I am not mistaken. The earliest official BIOS Releases are from March 2008.
Quote
The one question I have is that I've heard that if you ever plan to put a descrete video card into a Mobo, you should never get one with an IGP. Is there any truth to that?
The mainboard should work fine if you add a stand-alone graphics card, if that is your question. Check the test reports that can be accessed via the product site(s) for tested video cards.
Quote
Is it good for OC?
To a certain extent, maybe, but as it is a budget board with a budget board BIOS, don't expect miracles. -
I found this article when searching for info on restoring (to factory conditions) an iPod Touch 4th Generation. Now I thought this shipped with iOS 5.x (x unknown). But as mentioned too briefly in the header, when I click 'Restore' in iTunes, it offers not to restore, but to update. That is not what I want. I need to use this iPod Touch with Xcode 4.2 under Snow Leopard.
So the question is: what is really going on here and why? Is it really true that 4th G iPod Touches ship with 6.0.1 instead of 5.x? If not, how can I get it to really go back to the original? Why is iTunes failing to offer a restore when I press 'Restore'? If I guessed wrong about which of my several machines running iTunes (some under Windows7, one under Snow Leopard)I used when I upgraded to iOS 6.0.1, would that explain iTune's failure to offer a true Restore?Restore will not replace an old iOS level. It will update the iOS level to the latest level. If you have to restore youre iPod that is what will happen. The iOS is not a part of a backup.
Maybe you are looking for
-
How do I sync my iPhone 5 with my iPad so when I download apps they go to both devices
How do I sync my iPhone 5 with my iPad so when I download apps they go to both devices
-
Hi , While monitoring file adapter it is showing the error. Processing Error: No suitable sender agreement found In the integration directory i have defined Sender Agreement and also defined Sender communication channel. The communication channel for
-
I can't access a sign-in page for Yahoo or Hotmail
I have tried all the trouble shooting tips, but nothing seems to work. I am able to use Google and "Gmail" but when I request to sign in to either Yahoo or Hotmail, the system just freezes up. I am able to pull up News and other Yahoo sites, but it
-
User password will need be changed when user logon
Why users need to change the password once I setup when they have been assigned by superuser? If that is the case, then should I just assign any 4 digits then they put the real password when they log on or they can reuse the same password that I crea
-
Tip on Using "Folder" for performing Query Based Classification
In setting up a TREX taxonomy for one of our intranet sites we concluded that the folder structure used by the web developers really helped classify the documents at a higher than an 80% level. It seems that in many cases, the intranet, outlook publ