CVE-2015-0235 Ghost

L4 Transporter

Please see official response from Palo Alto Networks on this matter:

The Palo Alto Networks product security team has been working to investigate our exposure and patch options to address CVE-2015-0235, otherwise known as “GHOST”.  This vulnerability has a massive footprint, affecting a commonly used function within glibc that has been around for decades.  As such, countless software and embedded systems are impacted by this vulnerability, ours being no exception. However, at this time we are not aware of any specific remotely exploitable conditions enabled by this vulnerability that affects any of our products.  We are working to develop a patch across all affected software, but we do not yet have an estimate for when a patch will be available.  We will provide more information when an estimate is available.

We will do our best to proactively update all our customers as more information becomes available.


L4 Transporter

Palo Alto Networks Security Advisory Feb, 2015

GHOST: glibc vulnerability (CVE-2015-0235)

Last revised: 02/02/2015


Summary

The open source library “glibc” has been found to contain a recently discovered vulnerability (CVE-2015-0235, commonly referred to as “GHOST”) that has been demonstrated to enable remote code execution in some software. Palo Alto Networks software makes use of the vulnerable library, however there is no known exploitable condition in PAN-OS software enabled by this vulnerability at the time of this advisory. An update to PAN-OS will be made available that addresses CVE-2015-0235 in a regularly scheduled software maintenance update. (Ref # 74443)


Severity: Low

The exploitability of CVE-2015-0235 on vulnerable systems is highly dependent on the architecture and design surrounding use of the vulnerable functions within the system, and exploitable conditions found across various open source software libraries have so far been exceedingly rare. At the time of this advisory, Palo Alto Networks is not aware of any specific remotely exploitable condition enabled by this vulnerability that affects any Palo Alto Networks products.


Products Affected

PAN-OS 6.1.2 and earlier; PAN-OS 6.0.8 and earlier; PAN-OS 5.0.15 and earlier


Available Updates

A patch for the issue described in this bulletin will be made available in a regularly scheduled maintenance update for each supported release of PAN-OS. This bulletin will be updated as the releases are made available.


Workarounds and Mitigations

N/A


Acknowledgements

N/A
