Linux GHOST 漏洞說明
Infoblox系統不存在Linux GHOST (CVE-2015-0235)漏洞影響.
Infoblox KB#3581: NIOS and Network Automation products are not vulnerable to CVE-2015-0235
Published 01/28/2015 10:54 AM | Updated 01/30/2015 11:02 AM
On January 27, 2015, Qualys Security Advisory announced CVE-2015-0235.
The Ghost vulnerability is in the GNU C Library (glibc), core part of Linux OS. It exploits a buffer overflow in the __nss_hostname_digits_dots() function of glibc. This vulnerability can be triggered both locally and remotely via all the gethostbyname*() functions. Depending on the way this function is called, and the attacker’s ability to supply the arguments, it is possible for an attacker to gain control of the compromised system, bypassing all existing protections without having any prior knowledge of system credentials.
Infoblox NIOS and Network Automation products do not use this function in ways that are exploitable in the manner described in this vulnerability and therefore these Infoblox products are not considered to be vulnerable to this attack.
Infoblox NIOS and Network Automation products are not affected.
There is no need for action. Infoblox will update the glibc to address this vulnerability in regularly scheduled patches as a matter of best practice.