Linux GHOST 漏洞說明

Infoblox系統不存在Linux GHOST (CVE-2015-0235)漏洞影響.

Infoblox KB#3581: NIOS and Network Automation products are not vulnerable to CVE-2015-0235

Published 01/28/2015 10:54 AM   |    Updated 01/30/2015 11:02 AM
On January 27, 2015, Qualys Security Advisory announced CVE-2015-0235.

Description
The Ghost vulnerability is in the GNU C Library (glibc), core part of Linux OS. It exploits a buffer overflow in the __nss_hostname_digits_dots() function of glibc. This vulnerability can be triggered both locally and remotely via all the gethostbyname*() functions. Depending on the way this function is called, and the attacker’s ability to supply the arguments, it is possible for an attacker to gain control of the compromised system, bypassing all existing protections without having any prior knowledge of system credentials.

Affected Versions
Infoblox NIOS and Network Automation products do not use this function in ways that are exploitable in the manner described in this vulnerability and therefore these Infoblox products are not considered to be vulnerable to this attack.  
 
Impact
Infoblox NIOS and Network Automation products are not affected.
 
Recommendation
There is no need for action. Infoblox will update the glibc to address this vulnerability in regularly scheduled patches as a matter of best practice.