https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32505#M23826 <HTML><HEAD></HEAD><BODY><P>Please see official response from Palo Alto Networks on this matter:</P><P></P><P style="font-weight: inherit; font-style: inherit; font-family: inherit;"><EM style="font-family: inherit; font-weight: inherit; font-size: 10pt; line-height: 1.5em;">The Palo Alto Networks product security team has been working to investigate our exposure and patch options to address CVE-2015-0235, otherwise known as “GHOST”.&nbsp; This vulnerability has a massive footprint, affecting a commonly used function within glibc that has been around for decades.&nbsp; As such, countless software and embedded systems are impacted by this vulnerability, ours being no exception. However, at this time we are not aware of any specific remotely exploitable conditions enabled by this vulnerability that affects any of our products.&nbsp; We are working to develop a patch across all affected software, but we do not yet have an estimate for when a patch will be available.&nbsp; We will provide more information when an estimate is available. </EM></P><P style="font-weight: inherit; font-style: inherit; font-family: inherit;"></P><P style="font-weight: inherit; font-style: inherit; font-family: inherit;">We will do our best to proactively update all our customers as more information becomes available. </P><DIV><EM style="font-weight: inherit; font-family: inherit;"><BR /></EM><P></P></DIV></BODY></HTML> Mon, 02 Feb 2015 19:45:42 GMT maurisy 2015-02-02T19:45:42Z https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32495#M23816 <HTML><HEAD></HEAD><BODY><P>Just starting a thread for&nbsp; CVE-2015-0235. Ghost</P><P></P><P>Anybody see any news from PA on this? I have not.</P><P></P><P></P><P>Cheers</P></BODY></HTML> Wed, 28 Jan 2015 04:59:34 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32495#M23816 choff123 2015-01-28T04:59:34Z https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32496#M23817 <HTML><HEAD></HEAD><BODY><P>Hello Choff123,</P><P></P><P>PAN is aware of this vulnerability. This has been notified On Tuesday, January 27th, a Linux Remote Code Execution Vulnerability was discovered in the GetHost function in certain Linux distributions.&nbsp; This is also known as the "GHOST glib gethostbyname" buffer overflow vulnerability, (CVE-2015-0235).</P><P></P><P>Our existing signature with TID# <SPAN style="font-size: 13.3333330154419px;">30384 should protect against this vulnerability. </SPAN></P><P></P><P><A href="https://threatvault.paloaltonetworks.com/Home/ThreatDetail/30384" title="https://threatvault.paloaltonetworks.com/Home/ThreatDetail/30384">https://threatvault.paloaltonetworks.com/Home/ThreatDetail/30384</A></P><P></P><P><STRONG>SMTP EHLO/HELO overlong argument anomaly</STRONG></P><P><STRONG>Signature ID : 30384</STRONG></P><P></P><P><SPAN style="font-size: 10pt; line-height: 1.5em;"><STRONG>Description:</STRONG> This anomaly would be triggered when an overlong parameter is sent to the HELOcommand of SMTP protocol. Some servers such as Tabs Laboratories MailCarrier2.51 might be prone to an overflow vulnerability while parsing the craftedrequest.A successful attack could lead to remote code execution with the privileges of the current logged-in user.</SPAN></P><P></P><P>Severity high</P><P>Category code-execution</P><P>Default action alert</P><P>CVE CVE-2004-1638</P><P></P><P></P><P>Hope this helps.</P><P></P><P>Thanks </P></BODY></HTML> Wed, 28 Jan 2015 05:22:42 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32496#M23817 HULK 2015-01-28T05:22:42Z https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32497#M23818 <HTML><HEAD></HEAD><BODY><P>Hello.&nbsp; Please see <A href="https://live.paloaltonetworks.com/docs/DOC-8807">GHOST - Linux Remote Code Execution CVE-2015-0235 0-day vulnerability</A></P></BODY></HTML> Wed, 28 Jan 2015 06:43:18 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32497#M23818 panagent 2015-01-28T06:43:18Z https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32498#M23819 <HTML><HEAD></HEAD><BODY><P>When looking for information on a specific CVE the best place to start is the threat vault search.</P><P></P><P><A href="https://threatvault.paloaltonetworks.com/" title="https://threatvault.paloaltonetworks.com/">https://threatvault.paloaltonetworks.com/</A></P><P></P><P>Once a CVE is covered in a signature they will be listed here.&nbsp; If they are not listed it is not yet covered.&nbsp; PA does not normally publish documentation for every CVE.&nbsp; Those that are high or get a lot of press coverage this this then rate a document like the above.</P></BODY></HTML> Wed, 28 Jan 2015 11:34:08 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32498#M23819 pulukas 2015-01-28T11:34:08Z https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32499#M23820 <HTML><HEAD></HEAD><BODY><P><BR />Is the PA itself ok? the PAs run Linux?</P></BODY></HTML> Wed, 28 Jan 2015 16:21:23 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32499#M23820 choff123 2015-01-28T16:21:23Z https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32500#M23821 <HTML><HEAD></HEAD><BODY><PRE __jive_macro_name="quote" class="jive_text_macro jive_macro_quote"> <P>choff123 wrote:</P> <P></P> <P><BR />Is the PA itself ok? the PAs run Linux?</P> </PRE><P>I have a case open and support are checking with our SE so I don't know if there is an official position yet.</P><P></P><P>Same story with all our vendors - "<EM>watch this space</EM>" <img id="smileyhappy" class="emoticon emoticon-smileyhappy" src="https://live.paloaltonetworks.com/i/smilies/16x16_smiley-happy.png" alt="Smiley Happy" title="Smiley Happy" /></P></BODY></HTML> Wed, 28 Jan 2015 17:16:57 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32500#M23821 networkadmin 2015-01-28T17:16:57Z https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32501#M23822 <HTML><HEAD></HEAD><BODY><P>I'll keep watching but I'd be surprised if they were.&nbsp; This only affects processes that make DNS resolution calls.</P></BODY></HTML> Wed, 28 Jan 2015 19:23:14 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32501#M23822 Dz3015 2015-01-28T19:23:14Z https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32502#M23823 <HTML><HEAD></HEAD><BODY><P>Well I get tons of suspicious domain alerts in my inbox, those are resolved from IPs.</P><P></P><P>On the other hand, there was a patch for this a year or two ago that a lot of distros didn't apply. I would think PA uses a Linux branch in which they apply every security patch no matter what.</P></BODY></HTML> Thu, 29 Jan 2015 18:22:49 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32502#M23823 choff123 2015-01-29T18:22:49Z https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32503#M23824 <HTML><HEAD></HEAD><BODY><P>For the applicability of a CVE to PanOS itself, I recommend you open a case in support or contact your Sales Engineer.</P><P></P><P>This is one of what I consider the weaknesses of Palo Alto Networks as a company.&nbsp; They are as far from transparent as possible about which security issues affects their own PanOS as possible.&nbsp; Most vendor have a customer login secured listing or database of how the various CVE affect their products, Palo Alto only publishes this information in a spotty fashion and usually in response to someone else pointing out that the issue affects PanOS.</P><P></P><P>If you need information about PanOS vulnerabilities create a case or work with your Sales Engineer to get the direct information.</P></BODY></HTML> Sat, 31 Jan 2015 13:26:37 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32503#M23824 pulukas 2015-01-31T13:26:37Z https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32504#M23825 <HTML><HEAD></HEAD><BODY><P>Support have come back saying Palo Alto have confirmed PAN-OS <EM><STRONG>is</STRONG></EM> vulnerable.</P><P></P><P>No other details though.</P><P></P><P>Have to say I'm pretty disappointed at the lack of anything official from Palo Alto on this one - as a customer I shouldn't have to be the one chasing support to find out if a device we own and pay support on to protect our network is vulnerable or not.</P></BODY></HTML> Sun, 01 Feb 2015 12:29:39 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32504#M23825 networkadmin 2015-02-01T12:29:39Z https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32505#M23826 <HTML><HEAD></HEAD><BODY><P>Please see official response from Palo Alto Networks on this matter:</P><P></P><P style="font-weight: inherit; font-style: inherit; font-family: inherit;"><EM style="font-family: inherit; font-weight: inherit; font-size: 10pt; line-height: 1.5em;">The Palo Alto Networks product security team has been working to investigate our exposure and patch options to address CVE-2015-0235, otherwise known as “GHOST”.&nbsp; This vulnerability has a massive footprint, affecting a commonly used function within glibc that has been around for decades.&nbsp; As such, countless software and embedded systems are impacted by this vulnerability, ours being no exception. However, at this time we are not aware of any specific remotely exploitable conditions enabled by this vulnerability that affects any of our products.&nbsp; We are working to develop a patch across all affected software, but we do not yet have an estimate for when a patch will be available.&nbsp; We will provide more information when an estimate is available. </EM></P><P style="font-weight: inherit; font-style: inherit; font-family: inherit;"></P><P style="font-weight: inherit; font-style: inherit; font-family: inherit;">We will do our best to proactively update all our customers as more information becomes available. </P><DIV><EM style="font-weight: inherit; font-family: inherit;"><BR /></EM><P></P></DIV></BODY></HTML> Mon, 02 Feb 2015 19:45:42 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32505#M23826 maurisy 2015-02-02T19:45:42Z https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32506#M23827 <HTML><HEAD></HEAD><BODY><P><STRONG style="text-decoration: underline;">Palo Alto Networks Security Advisory Feb, 2015</STRONG></P><P></P><P></P><P class="p1"><SPAN class="s1"><STRONG>GHOST: glibc vulnerability (CVE-2015-0235)</STRONG></SPAN></P><P class="p2"><SPAN class="s1"><EM>Last revised: 02/02/2015</EM></SPAN></P><P class="p2"><SPAN class="s1"><EM><BR /></EM></SPAN></P><P class="p1"><SPAN class="s1"><STRONG>Summary</STRONG></SPAN></P><P class="p2"><SPAN class="s1">The open source library “glibc” has been found to contain a recently discovered vulnerability (CVE-2015-0235, commonly referred to as “GHOST”) that has been demonstrated to enable remote code execution in some software. Palo Alto Networks software makes use of the vulnerable library, however there is no known exploitable condition in PAN-OS software enabled by this vulnerability at the time of this advisory. An update to PAN-OS will be made available that addresses CVE-2015-0235 in a regularly scheduled software maintenance update. (Ref # 74443)</SPAN></P><P class="p2"><SPAN class="s1"><BR /></SPAN></P><P class="p1"><SPAN class="s1"><STRONG>Severity: Low</STRONG></SPAN></P><P class="p2"><SPAN class="s1">The exploitability of CVE-2015-0235 on vulnerable systems is highly dependent on the architecture and design surrounding use of the vulnerable functions within the system, and exploitable conditions found across various open source software libraries have so far been exceedingly rare. At the time of this advisory, Palo Alto Networks is not aware of any specific remotely exploitable condition enabled by this vulnerability that affects any Palo Alto Networks products.</SPAN></P><P class="p1"><SPAN class="s1"><STRONG><BR /></STRONG></SPAN></P><P class="p1"><SPAN class="s1"><STRONG>Products Affected</STRONG></SPAN></P><P class="p2"><SPAN class="s1">PAN-OS 6.1.2 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier</SPAN></P><P class="p1"><SPAN class="s1"><STRONG><BR /></STRONG></SPAN></P><P class="p1"><SPAN class="s1"><STRONG>Available Updates</STRONG></SPAN></P><P class="p2"><SPAN class="s1">A patch for the issue described in this bulletin will be made available in a regularly scheduled maintenance update for each supported release of PAN-OS. This bulletin will be updated as the releases are made available.</SPAN></P><P class="p1"><SPAN class="s1"><STRONG><BR /></STRONG></SPAN></P><P class="p1"><SPAN class="s1"><STRONG>Workarounds and Mitigations</STRONG></SPAN></P><P class="p2"><SPAN class="s1">N/A</SPAN></P><P class="p1"><SPAN class="s1"><STRONG><BR /></STRONG></SPAN></P><P class="p1"><SPAN class="s1"><STRONG>Acknowledgements</STRONG></SPAN></P><P class="p2"><SPAN class="s1">N/A</SPAN></P></BODY></HTML> Mon, 02 Feb 2015 20:54:13 GMT https://live.paloaltonetworks.com/t5/general-topics/cve-2015-0235-ghost/m-p/32506#M23827 maurisy 2015-02-02T20:54:13Z