PAN is aware of this vulnerability. This has been notified. On Tuesday, January 27th, a Linux Remote Code Execution Vulnerability was discovered in the GetHost function in certain Linux distributions. This is also known as the "GHOST glib gethostbyname" buffer overflow vulnerability (CVE-2015-0235).
Our existing signature with TID# 30384 should protect against this vulnerability.
SMTP EHLO/HELO overlong argument anomaly
Signature ID: 30384
Description: This anomaly would be triggered when an overlong parameter is sent to the HELO command of SMTP protocol. Some servers such as Tabs Laboratories MailCarrier 2.51 might be prone to an overflow vulnerability while parsing the crafted request. A successful attack could lead to remote code execution with the privileges of the current logged-in user.
Default action: alert
Hope this helps.
When looking for information on a specific CVE the best place to start is the threat vault search.
Once a CVE is covered in a signature it will be listed here. If it is not listed, it is not yet covered. PA does not normally publish documentation for every CVE. Those that are high or get a lot of press coverage like this then rate a document like the above.
Is the PA itself OK? The PAs run Linux?
I have a case open and support are checking with our SE so I don't know if there is an official position yet.
Same story with all our vendors - "watch this space"
Well I get tons of suspicious domain alerts in my inbox, those are resolved from IPs.
On the other hand, there was a patch for this a year or two ago that a lot of distros didn't apply. I would think PA uses a Linux branch in which they apply every security patch no matter what.
For the applicability of a CVE to PanOS itself, I recommend you open a case in support or contact your Sales Engineer.
This is one of what I consider the weaknesses of Palo Alto Networks as a company. They are as far from transparent as possible about which security issues affect their own PanOS. Most vendors have a customer login secured listing or database of how the various CVEs affect their products; Palo Alto only publishes this information in a spotty fashion and usually in response to someone else pointing out that the issue affects PanOS.
If you need information about PanOS vulnerabilities create a case or work with your Sales Engineer to get the direct information.
Support have come back saying Palo Alto have confirmed PAN-OS is vulnerable.
No other details though.
Have to say I'm pretty disappointed at the lack of anything official from Palo Alto on this one - as a customer I shouldn't have to be the one chasing support to find out if a device we own and pay support on to protect our network is vulnerable or not.