Impact of the GNU glibc gethostbyname Function Buffer Overflow “GHOST” Vulnerability on EMC/RSA Products

The “Ghost” vulnerability (CVE-2015-0235) in the gethostbyname functions of the GNU C Library (glib), which is commonly found in Linux based operating systems, affects applications calling this function. In some special instances, the successful exploitation of this vulnerability could allow an attacker to perform remote code execution on a targeted system. Following the release of this vulnerability, we immediately initiated a review of EMC Information Infrastructure and RSA products to assess any potential impact. We have published Knowledgebase articles on our customer accessible support websites that reflect the most up to date information from our review along with remediation plans, where needed:

We will continue to update the information as our review and remediation continues using our standard customer communication channels (including Security Advisories).

If customers have trouble accessing the articles, they can reach out to EMC support at support@emc.com or RSA support at support@rsa.com.

About the Author: Reeny Sondhi