Lucene search

CiscoCISCO-SA-20150128-GHOST

HistoryJan 28, 2015 - 10:30 p.m.

GNU glibc gethostbyname Function Buffer Overflow Vulnerability

2015-01-2822:30:00

tools.cisco.com

10 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.975 High

EPSS

Percentile

100.0%

JSON

On January 27, 2015, a buffer overflow vulnerability in the GNU C library (glibc) was publicly announced. This vulnerability is related to the various gethostbyname functions included in glibc and affects applications that call these functions. This vulnerability may allow an attacker to obtain sensitive information from an exploited system or, in some instances, perform remote code execution with the privileges of the application being exploited.

The glibc library is a commonly used third-party software component that is released by the GNU software project and a number of Cisco products are likely affected.

This advisory will be updated as additional information becomes available. Cisco will release free software updates that address this vulnerability. Workarounds that mitigate this vulnerability are not available.

This advisory is available at the following link:
https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost [“https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost”]

Affected configurations

Vulners

Node

ciscoapplication_and_content_networking_system_softwareMatchany

ciscounityMatchany

ciscociscoworks_lan_management_solutionMatchany

ciscoemergency_responderMatchany

ciscounified_contact_center_expressMatchany

ciscoios_xr_softwareMatchany

ciscointrusion_prevention_systemMatchany

ciscowireless_lan_controllersMatchany

ciscowide_area_application_servicesMatchany

ciscowireless_lan_controller_6.0Matchany

ciscociscoworks_lan_management_solutionMatchany

ciscoip_interoperability_and_collaboration_systemMatchany

ciscoservice_control_engineMatchany

ciscounity_connectionMatchany

ciscotelepresence_managerMatchany

ciscophysical_access_gatewayMatchany

ciscounified_contact_center_expressMatchany

ciscorvs4000_softwareMatchany

ciscovideo_surveillance_media_serverMatchany

ciscodigital_media_managerMatchany

ciscoexpressway_seriesMatchany

ciscomeetingplaceMatchany

ciscoprime_network_analysis_module_softwareMatchany

ciscowebex_meeting_centerMatchany

ciscowebexMatchany

ciscoshow_and_shareMatchany

ciscomobility_services_engineMatchany

ciscotelepresence_video_communication_server_softwareMatchany

ciscotelepresence_recording_serverMatchany

ciscotelepresence_multipoint_switchMatchany

ciscoasa_cx_context-aware_security_softwareMatchany

ciscoprime_security_managerMatchany

ciscoprime_data_center_network_managerMatchany

ciscoprime_lan_management_solutionMatchany

ciscocontent_security_management_virtual_applianceMatchany

ciscoprime_infrastructureMatchany

ciscowebex_meetings_serverMatchany

ciscowebex_node_for_mcsMatchany

ciscounified_computing_system_central_softwareMatchany

ciscoenterprise_content_delivery_systemMatchany

ciscovirtualization_experience_media_engineMatchany

ciscoasr_5000_series_softwareMatchany

ciscofinesseMatchany

ciscosocialminerMatchany

ciscomediasenseMatchany

ciscovideo_surveillance_ip_gateway_encoder_decoderMatchany

ciscounified_sip_proxyMatchany

ciscoprime_network_registrarMatchany

ciscovideoscape_distribution_suite_optimization_engineMatchany

ciscodigital_content_managerMatchany

ciscounified_intelligence_centerMatchany

ciscoprime_service_catalogMatchany

ciscocisco_nexus_1000v_intercloudMatchanyvmware

ciscoexpresswayMatchany

ciscojabber_guestMatchany

ciscodesktop_collaboration_experienceMatchany

ciscosmall_business_srp520_series_firmwareMatchany

ciscoprime_license_managerMatchany

ciscoprime_collaboration_deploymentMatchany

ciscotelepresence_c_series_softwareMatchany

ciscoip_contact_center_expressMatchany

ciscovirtual_topology_systemMatchany

ciscotelepresence_conductorMatchany

ciscovideoscape_conductorMatchany

ciscoprime_networkMatchany

ciscoagent_desktopMatchany

ciscopaging_serverMatchany

ciscocisco_spa112Matchany

ciscoataMatchany

ciscounified_ip_ivrMatchany

ciscoultra_services_platformMatchany

cisconx-osMatchanynexus_9000_series

ciscohosted_collaboration_mediation_fulfillmentMatchany

ciscointercloud_fabricMatchany

ciscoregistered_envelope_serviceMatchany

ciscoapplication_and_content_networking_system_softwareMatchany

ciscounityMatchany

ciscociscoworks_lan_management_solutionMatchany

ciscoemergency_responderMatchany

ciscounified_contact_center_expressMatchany

ciscoios_xr_softwareMatchany

ciscointrusion_prevention_systemMatchany

ciscowireless_lan_controllersMatchany

ciscowide_area_application_servicesMatchany

ciscowireless_lan_controller_6.0Matchany

ciscociscoworks_lan_management_solutionMatchany

ciscoip_interoperability_and_collaboration_systemMatchany

ciscoservice_control_engineMatchany

ciscounity_connectionMatchany

ciscotelepresence_managerMatchany

ciscophysical_access_gatewayMatchany

ciscounified_contact_center_expressMatchany

ciscorvs4000_softwareMatchany

ciscovideo_surveillance_media_serverMatchany

ciscodigital_media_managerMatchany

ciscoace_application_control_engine_module_a1Match4400_series_global_site_selector_\(gss\)_devices

ciscomeetingplaceMatchany

ciscoprime_network_analysis_module_softwareMatchany

ciscowebex_meeting_centerMatchany

ciscowebexMatchany

ciscoshow_and_shareMatchany

ciscomobility_services_engineMatchany

ciscotelepresence_video_communication_server_softwareMatchany

ciscotelepresence_recording_serverMatchany

ciscotelepresence_multipoint_switchMatchany

ciscoasa_cx_context-aware_security_softwareMatchany

ciscoprime_security_managerMatchany

ciscoprime_data_center_network_managerMatchany

ciscoprime_lan_management_solutionMatchany

ciscocontent_security_management_virtual_applianceMatchany

ciscoprime_infrastructureMatchany

ciscowebex_meetings_serverMatchany

ciscowebex_node_for_mcsMatchany

ciscounified_computing_system_central_softwareMatchany

ciscoenterprise_content_delivery_systemMatchany

ciscovirtualization_experience_media_engineMatchany

ciscoasr_5000_series_softwareMatch5000_series_software

ciscofinesseMatchany

ciscosocialminerMatchany

ciscomediasenseMatchany

ciscovideo_surveillance_softwareMatch4000_series_ip_camera

ciscounified_sip_proxyMatchany

ciscoprime_network_registrarMatchany

ciscovideoscape_distribution_suite_optimization_engineMatchany

ciscodigital_content_managerMatchany

ciscounified_intelligence_centerMatchany

ciscoprime_service_catalogMatchany

cisconexus_insightsMatch1000v_switch

ciscoexpresswayMatchany

ciscojabber_guestMatchany

ciscodesktop_collaboration_experienceMatchany

ciscosmall_business_srp520_series_firmwareMatchany

ciscoprime_license_managerMatchany

ciscoprime_collaboration_deploymentMatchany

ciscotelepresence_c_series_softwareMatchany

ciscoip_contact_center_expressMatchany

ciscovirtual_topology_systemMatchany

ciscotelepresence_conductorMatchany

ciscovideoscape_conductorMatchany

ciscoprime_networkMatchany

ciscoagent_desktopMatchany

ciscopaging_serverMatchany

ciscocisco_spa112Match2-port_phone_adapter

ciscoataMatchany

ciscounified_callmanagerMatch7800_series_ip_phones

ciscoultra_services_platformMatchany

cisconexus_insightsMatch3000_series_switch

ciscohosted_collaboration_mediation_fulfillmentMatchany

ciscointercloud_fabricMatchany

ciscoregistered_envelope_serviceMatchany

CPENameOperatorVersion
cisco application and content networking system (acns) softwareeqany
cisco unityeqany
ciscoworks lan management solution (lms) for windowseqany
ciscoworks lan management solution (lms) for solariseqany
cisco emergency respondereqany
cisco unified contact centereqany
cisco ios xr softwareeqany
intrusion prevention system (ips)eqany
cisco wireless location applianceeqany
cisco wide area application services (waas)eqany

Name	Operator	Version
cisco application and content networking system (acns) software	eq	any
cisco unity	eq	any
ciscoworks lan management solution (lms) for windows	eq	any
ciscoworks lan management solution (lms) for solaris	eq	any
cisco emergency responder	eq	any
cisco unified contact center	eq	any
cisco ios xr software	eq	any
intrusion prevention system (ips)	eq	any
cisco wireless location appliance	eq	any
cisco wide area application services (waas)	eq	any