
Security Bulletin: GNU C library (glibc) vulnerability affects IBM/Cisco Switches and Directors (CVE-2015-0235)

2022-08-20 00:54:31
www.ibm.com

CVSS2: 10 High

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS: 0.975 High
Percentile: 100.0%

Summary

A GNU C library (glibc) vulnerability, referred to as GHOST, affects IBM/Cisco Switches and Directors.

Vulnerability Details

CVEID: CVE-2015-0235

**DESCRIPTION:** The gethostbyname functions of the GNU C Library (glibc) are vulnerable to a buffer overflow. By sending a specially crafted, but valid hostname argument, a remote attacker could overflow a buffer and execute arbitrary code on the system with the privileges of the targeted process or cause the process to crash. The impact of an attack depends on the implementation details of the targeted application or operating system. This issue is being referred to as the “Ghost” vulnerability.

CVSS Base Score: 7.6
CVSS Temporal Score: See http://xforce.iss.net/xforce/xfdb/100386 for the current score
CVSS Environmental Score*: Undefined
CVSS Vector: (AV:N/AC:H/Au:N/C:C/I:C/A:C)

Affected Products and Versions

Cisco switches running the 6.2.x and 5.2.x releases

IBM MTM:

9710-E06 MDS 9706 Director

9711-S48 MDS 9148S Switch

9710-E01 MDS 9250i Multilayer Fabric Switch

9710-E08 MDS 9710 Director

2054-E01 MDS 9222i Multilayer Fabric Switch

2054-E04 (2062-D04) MDS 9506 Multilayer Director

2054-E11 (2062-E11) MDS 9513 Multilayer Director

2054-E07 (2062-D07) MDS 9509 Multilayer Director

2053-424 (2417-C24) MDS 9124 Fabric Switch

2053-434 (2053-S34) MDS 9134 Fabric Switch

2417-C48 MDS 9148 Fabric Switch

3722-S51 5010 Switch

3722-S52 5020 Switch

Remediation/Fixes

Release 5.2.8f:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/5_2/release/notes/nx-os/mds_nxos_rn_528f.html

Release 6.2.11b:
http://www.cisco.com/c/en/us/td/docs/switches/datacenter/mds9000/sw/6_2/release/notes/nx-os/mds_nxos_rn_6_2_11b.html
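
A triage helper for the fixed releases listed above, added here as an example (not IBM or Cisco code): it classifies NX-OS release strings from a switch inventory against 5.2.8f and 6.2.11b. The parenthesised form `6.2(11b)`, the ordering of rebuild letters, the premise that later releases in the same train carry the fix, and the sample inventory are assumptions, not statements from the bulletin.

```python
import re

# Fixed releases named in the bulletin, keyed by release train (major, minor).
FIXED = {(5, 2): (8, "f"), (6, 2): (11, "b")}

# Accepts "6.2(11b)" (assumed device display form) and "6.2.11b" (bulletin form).
_RELEASE = re.compile(r"^\s*(\d+)\.(\d+)[.(](\d+)([a-z]?)\)?\s*$")


def parse_release(text):
    """Return ((major, minor), (maintenance, rebuild_letter)) or None."""
    m = _RELEASE.match(text.lower())
    if not m:
        return None
    major, minor, maint, letter = m.groups()
    return (int(major), int(minor)), (int(maint), letter)


def triage(release):
    """Classify one release string against the bulletin's fixed releases."""
    parsed = parse_release(release)
    if parsed is None:
        return "unparsed"
    train, build = parsed
    if train not in FIXED:
        return "train-not-listed"
    # Assumption: tuple order (maintenance number, then rebuild letter, with
    # no letter sorting first) matches release order within a train.
    return "at-or-after-fix" if build >= FIXED[train] else "needs-upgrade"


def report(inventory):
    """Map each host to its triage status."""
    return {host: triage(rel) for host, rel in inventory.items()}


# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE_INVENTORY = {
    "mds-core-1": "6.2(9a)",
    "mds-core-2": "6.2(11b)",
    "mds-edge-1": "5.2(8)",
    "mds-edge-2": "5.2.8f",
    "mds-lab-1": "5.0(4)",
}

if __name__ == "__main__":
    for host, status in sorted(report(SAMPLE_INVENTORY).items()):
        print(f"{host:12} {SAMPLE_INVENTORY[host]:10} {status}")
```

Hosts reported as `train-not-listed` or `unparsed` are outside what the bulletin states and need a manual check against the vendor release notes.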

Workarounds and Mitigations

NA
