Reset Search
 

 

Article

VN 2015 001 GHOST

« Go Back

Vulnerability Notice

 
Vulnerability Summary
SUMMARY
A serious vulnerability has been discovered in two legacy functions that are related to DNS resolution in glibc. Due to the fact that glibc is a fundamental OS component used by many pieces of userland software, this vulnerability is a high priority for remediation.

BACKGROUND (CVE-2015-0235)
 
There is a heap-based buffer overflow in the __nss_hostname_digits_dots function in glibc 2.2, and other 2.x versions before 2.18.  This allows context-dependent attackers to execute arbitrary code via vectors related to the (1) gethostbyname or (2) gethostbyname2 function, aka "GHOST.”
 
Published: 2015-01-27
CVSS Severity: 10 (from NVD/NIST)

The following software, and software supported products by Extreme Networks will be analyzed for this vulnerability:
 
  1. ExtremeXOS
  2. X-Series Secure Core Router
  3. N, K, SSA, and S Modular Switches
  4. A, B, C, D, G, I & 800 Series Fixed Switches
  5. NetSight / NAC (IA) / Purview
  6. Ridgeline
  7. IDS/IPS
  8. Security Information & Event Manager
  9. IdentiFi Wireless
  10. Wireless Mobility
  11. XSR (X-Pedition Security Router)
  12. ExtremeWare
 
 
IMPACT
 
Because DNS resolution is an extremely common function performed by many pieces of software, and because glibc is commonly involved to perform these resolutions, this vulnerability has a high impact across all systems and software the leverage a vulnerable version of glibc. Successfully exploitation would give an attacker full remote code execution with the context of the exploited process.
 
Products Potentially Affected
The following is the vulnerability status of the software products supported by Extreme Networks for this issue:
 
ExtremeXOSNo
N,K,SSA, and S Modular SwitchesNo
A,B,C,D,G,I &800 Series Fixed SwitchesNo 
NetSight/NAC(IA)/PurviewFixed
Ridgeline No
 IDS/IPSYes
Security Information & Event Manager InvestigatingNo
IdentiFi WirelessFixed
Wireless Mobility versions WM 5.5X No
XSR (X-Pedition Security Router)  No
ExtremeWareNo
Note: To our knowledge, no other Extreme products (including the Enterasys-branded products) have been determined to be vulnerable at this time.
 
Impact Details
ExtremeXOS (all products): 
  • Vulnerable: No
  • Vulnerable Component:  None. Several EXOS components use the vulnerable gethostbyname() function in glibc. However, EXOS does a very stringent boundary check before calling the gethostbyname function, so any attempt to exploit this vulnerability in EXOS will fail.
X-Series Secure Core Router
  • Vulnerable:  Yes
  • Vulnerable Component: TBD
  • Describe conditions when component Vulnerability occurs (why/when/how):  TBD
  • Product version(s) affected:  All active X-Series releases use a vulnerable glibc version
  • Workaround:  TBD
  • Target Fix Release:  TBD
  • Target Month for Fix Release:  TBD

N, K, SSA, and S Modular Switches
  • Vulnerable:  No (Product does not use any version of glibc
A, B, C, D, G, I & 800 Series Fixed Switches
  • Vulnerable:  No  All A,B,C,D,G,I Series Devices do not use Linux
NetSight /NAC (IA)/ Purview:
  • Vulnerable:  Yes
  • Vulnerable Component: glibc library on 32-bit and 64-bit NetSight appliances
  • Describe conditions when component Vulnerability occurs (why/when/how):  Some components of NetSight make a call to the vulnerable function of the glibc library. It is not known how a compromise could be achieve, or if it could be achieved, but it is at least possible in theory.
  • Product version(s) affected:  All NetSight Appliances
  • Workaround:  There is not one currently.
  • Fixed In: 6.1.0.181,  6.2.0.189,  6.3.0.38
Ridgeline:
  • Vulnerable: No - The OS is not provided with Ridgeline, it’s a software only solution.
IDS / IPS:
  • Vulnerable: Yes
  • Vulnerable Component: glibc library on 32-bit and 64-bit Dragon appliances
  • Describe conditions when component Vulnerability occurs (why/when/how): Some components of Dragon make a call to the vulnerable function of the glibc library.
  • It is not known how a compromise could be achieve, or if it could be achieved, but it is at least possible in theory.
  • Product version(s) affected:  All Dragon Appliances
  • Workaround:  There is not one currently.
  • Target Fix Release: TBD
  • Target Month for Fix Release:  TBD
Security Information & Event Manager:
  • Vulnerable: No (Product does not use any version of glibc)
  • Vulnerable Component: None
  • Describe conditions when component Vulnerability occurs(why/when/how): None
  • Product version(s) affected: None
  • Workaround: NA
  • Target Fix Release: None
  • Target Month for Fix Release: NA
 IdentiFi Wireless: IdentiFi controller:
  • Vulnerable: Yes
  • Vulnerable Component: glibc based components including Python
  • Product version(s) affected: all releases between 3.0 and 9.15.0 inclusive
  • Workaround: Risk of successful exploit is low. The controller only accepts hostnames and FQDNs in a limited number of commands and GUI options and the input is checked to enforce length limits and valid characters for host names. Qualys has provided a list of applications that are not vulnerable when running on versions of Linux with the vulnerable glibc version. The list includes most of the third party Open source software used for remote access to the controller and APs. In addition the controller has few places where a host name or FQDN can be entered or used. So risk of a successful exploit is likely low.
  • Target Fix Release: 9.21.01
 IdentiFi Wireless: AP26xx and AP36xx series:
  • Vulnerable: No
IdentiFi Wireless: AP37xx, AP38xx, AP39xx series:
  • Vulnerable: Yes
  • Vulnerable Component: glibc based components including Python
  • Product version(s) affected: all releases between 3.0 and 9.15.0 inclusive
  • Workaround: Risk of successful exploit is low. The AP only uses hostnames configured on and by the controller or built into the software. Direct CLI access to the APs can and should be disabled from teh controller unless troubleshooting is actively in progress.
  • Target Fix Release: 10.01
Wireless Mobility:
Controller & Access Points: 
  • Vulnerable:  No
XSR (X-Pedition Security Router):
  • Vulnerable:  No  (does not use glibc)
ExtremeWare (all products): 
  • Vulnerable: No - Extremeware (VxWorks based) doesn't use glibc
Threat Details
 
CVENameImpactVulnerable 
Versions
ClientServer
CVE-2015-0235Glibc “GHOST” vulnerabilityHighAll versions prior to glibc-2.18HighHigh
 
Vulnerability Mitigation
TBD

 
Repair Recommendations
The resolution to any threat or issue is dependent upon a number of things, including the set-up of the computer network and how the local IT team wants to address the situation.  Accordingly, in addition to updating the software as recommended in this document, the local IT team will need to analyze and address the situation in a manner that it determines will best address the set-up of its computer network.
Update the software, identified in this Notice, in your Extreme Networks’ products by replacing it with the latest releases from Extreme Networks including the following version (or above):  
 
  1. ExtremeXOS – No
  2. X-Series Secure Core Router – Yes
  3. N, K, SSA, and S Modular Switches – No
  4. A, B, C, D, G, I & 800 Series Fixed Switches – No
  5. NetSight/NAC(IA)/ Purview – Yes
  6. Ridgeline – No
  7. IDS/IPS – Yes
  8. Security Information & Event Manager – No
  9. IdentiFi Wireless – Yes (See Impact Details)
  10. Wireless Mobility versions WM 5.5.X – No
  11. XSR (X-Pedition Security Router) – No
  12. ExtremeWare – No
 
Firmware & Software can be downloaded from - http://www.extremenetworks.com/support/
 
 
Further Information
 
NIST release:  http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235
 
CVE Project: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
 
Red Hat: https://access.redhat.com/articles/1332213
 
Qualys Analysis: http://www.openwall.com/lists/oss-security/2015/01/27/9
 
Legal Notice
THIS ADVISORY NOTICE IS PROVIDED ON AN "AS IS" BASIS AND EXTREME NETWORKS MAKES NO REPRESENTATIONS OR WARRANTIES OF ANY KIND, EXPRESSLY DISCLAIMING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. USE OF THE INFORMATION PROVIDED HEREIN OR MATERIALS LINKED FROM THIS ADVISORY NOTICE IS AT YOUR OWN RISK. EXTREME NETWORKS RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME, AND EXPECTS TO UPDATE THIS DOCUMENT AS NEW INFORMATION BECOMES AVAILABLE.  THE INFORMATION PROVIDED HEREIN IS APPLICABLE TO CURRENT EXTREME NETWORKS’ PRODUCTS IDENTIFIED HEREIN AND IS NOT INTENDED TO BE ANY REPRESENTATION OF FUTURE FUNCTIONALITY OR COMPATIBILITY WITH ANY 3RD PARTY TECHNOLOGIES REFERENCED HEREIN.  THIS NOTICE SHALL NOT CHANGE ANY CONTRACT OR AGREEMENT THAT YOU HAVE ENTERED INTO WITH EXTREME NETWORKS.

This notice was imported into GTAC Knowledge on 18-Jan-2016.  

Feedback

 

Was this article helpful?


   

Feedback

Please tell us how we can make this article more useful.

Characters Remaining: 255