The wiki is deprecated and due to be decommissioned by the end of September 2022.
The content is being migrated to other supports, new updates will be ignored and lost.
If needed you can get in touch with EGI SDIS team using operations @ egi.eu.
EGI CSIRT:Alerts/GHOST-glibc-2015-01-30
Jump to navigation
Jump to search
| Mission | Members | Contacts
| Incident handling | Alerts | Monitoring | Security challenges | Procedures | Dissemination
** WHITE information - Unlimited distribution allowed **
** see https://wiki.egi.eu/wiki/EGI_CSIRT:TLP for distribution restrictions **
EGI CSIRT ADVISORY [EGI-ADV-20150130]
Title: EGI Alert 'High' risk CVE-2015-0235 GNU C Library (glibc) "GHOST" vulnerability - [EGI-ADV-20150130]
Date: 2015-01-30
Updated:
URL: https://wiki.egi.eu/wiki/EGI_CSIRT:Alerts/GHOST-glibc-2015-01-30
Introduction
============
A buffer overflow vulnerability CVE-2015-0235 in the GNU C Library (glibc) called the "GHOST" vulnerability
has been announced which may be exploited remotely.
This has been defined as having 'Critical' impact by RedHat [R 1]
So far no exploit has been found in software commonly used on the EGI Infrastructure.
We cannot be sure that there isn't potentially a serious exploit in the EGI infrastructure which
we are not aware of, therefore we ask sites to update as soon as possible.
Details
=======
It is stated in [R 2] many commonly used applications are not vulnerable.
Additionally, this has not been found to be exploitable in Grid Middleware in common use in EGI,
although we cannot be certain something has not been missed.
Globus has stated that the Globus Toolkit software is not vulnerable to currently known exploits
resulting from this vulnerability [R 3]
Further information can be found at [R 4], [R 5]
Risk category
=============
This issue has been assessed as 'High' risk by the EGI Security officer.
However, if an exploit relevant to the EGI infrastructure were to emerge it is likely
to be revised to 'Critical' risk.
Affected software
=================
See [R 5]
Recommendations
===============
We recommend sites update relevant components as soon as possible due to the seriousness of this
issue if some software on the infrastructure is found to be vulnerable.
If an exploit relevant to EGI is found the risk will be re-assessed and is likely to rise,
and updates are likely to be requested urgently.
Credit
======
This vulnerability was announced publicly.
EGI SVG and CSIRT were first alerted to this vulnerability by Michal Prochazka and Eygene Ryabinkin at approx the same time.
References
==========
[R 1] https://access.redhat.com/security/cve/CVE-2015-0235
[R 2] http://www.openwall.com/lists/oss-security/2015/01/27/18
[R 3] https://support.globus.org/entries/87762727
[R 4] https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
[R 5] http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-0235
Timeline
========
Yyyy-mm-dd
2015-01-27 Vulnerability announced publicly
2015-01-28 EGI SVG and CSIRT alerted to this vulnerability by Michal Prochazka and Eygene Ryabinkin,
discussions took place
2015-01-29 Agreed that although no obvious exploit has been found an advisory should be issued
recommending sites update as soon as possible.
2015-01-30 EGI Security officer and SVG chair agreed to 'High' risk.
2015-01-30 Alert sent to sites
On behalf of the EGI CSIRT and SVG,