CVE-2015-0235 - GHOST - Threat Management Center

hp.com/go/tippingpoint
January 30, 2015
To: HP TippingPoint Customers
Subject: CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow
Dear Valued Customer
With the recent disclosure and announcement of the GHOST buffer overflow vulnerability, HP
TippingPoint has performed a technical review of our product lines to evaluate the potential
exposure to this critical security issue.
Background Information
GHOST is a 'buffer overflow' vulnerability affecting the gethostbyname() and gethostbyname2()
function calls in the Linux glibc library. This vulnerability allows a remote attacker to execute
arbitrary code with the permissions of the user running the application.
Technical Review Results

IPS: The Intrusion Prevention System (IPS) does not use the vulnerable glibc library, and
as such is not affected by the GHOST vulnerability. No further action is required.

SMS/NGFW: The Security Management System (SMS) and the Next Generation Firewall
(NGFW) are using the vulnerable glibc. However both the SMS and NGFW are hardened
systems that do not expose direct access to the vulnerable glibc library. The vulnerability
is exposed indirectly to those users who have administrative access to the system. HP
TippingPoint has not identified any mechanism that exploits the GHOST vulnerability
even for those users that have administrative access. No further action is required if the
administrative login remains secure.
HP TippingPoint will continue to investigate this vulnerability and will make additional
notifications if any exploit mechanisms are discovered and remediation is available.
For questions or technical assistance on any HP TippingPoint product, please contact the HP
TippingPoint Technical Assistance Center (TAC).
Thank you,
HP TippingPoint
Support Contact Information:
HP TippingPoint TAC
Toll Free: 866 681 8324 | International: +1 512 681 8324
Email: [email protected]
© 2014 Hewlett-Packard Development Company, L.P.