GHOST - Linux Remote Code Execution CVE-2015-0235 0-day Vulnerability

On Tuesday, January 27th, a Linux Remote Code Execution Vulnerability was discovered in the GetHost function in certain Linux distributions. This is also known as the "GHOST glib gethostbyname" buffer overflow vulnerability, (CVE-2015-0235).

Palo Alto Networks has confirmed customers are protected against the exploitation of the GHOST buffer overflow vulnerability with IPS Signature ID #30384, "SMTP EHLO/HELO overlong argument anomaly” over SMTP, as is demonstrated in the proof of concept provided by Qualys in their writeup of the vulnerability. A successful attack could lead to remote code execution with the privileges of the server.

Palo Alto Networks customers with a Threat Prevention subscription are advised to verify that they are running the latest content version on their devices and the appropriate action set in their policies. If you have any questions about coverage for this advisory, please contact Support.

For more information on the vulnerability, see:

• http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235
• https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability