|Name||Ghost Vulnerability Affects Linux Systems|
|First Publish Date||28-Jan-15|
|Description||A vulnerability in a core Linux system library (glibc) has been reported. Linux is one of the operating systems that many equipment manufacturers use inside their devices. The reported vulnerability allows a remote attacker to execute arbitrary, potentially malicious, code on systems that have not been patched. Proof-of-concept code has been shown to bypass the standard exploit protections (ASLR, PIE and NX) on both 32-bit and 64-bit systems. This vulnerability has been named “Ghost” by some researchers.|
|Status Report Number||Status Report Three; 16-Feb-15|
|What You Need To Know?||
The Ghost vulnerability carries the designation CVE-2015-0235. It is a buffer overflow in the GNU C Library (glibc) host-name lookup functions, gethostbyname() and gethostbyname_r(), which applications call to resolve host names through the Domain Name System (DNS). The bug was fixed in the upstream glibc source in May 2013 (glibc 2.18), but because the fix was not recognised as security-relevant at the time, the long-term-support Linux releases used in production systems did not receive it and remained unprotected. Every running process carries its own copy of glibc, so applying the patch only takes effect once the affected processes have been restarted, which in practice means a system restart; some servers may therefore remain vulnerable for some time to come.
Please note that this vulnerability is difficult to exploit: the overflow is limited to a few bytes (4 on 32-bit systems, 8 on 64-bit systems) and is reached only when an attacker-supplied host name consisting entirely of digits and dots is passed to one of the affected functions. So far only one application, Exim (a mail transfer agent), has been shown to be exploitable; it is possible that others will be identified. Exploit code for Exim has not yet been published but is expected to be in the future. Although many network-facing applications validate host names before passing them to the lookup functions, patching the glibc library is still recommended.
Xerox devices do use the Linux operating system, but they do not run Exim and it cannot be installed on a Xerox device. At present, therefore, this is a limited vulnerability for our devices.|
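The following program is an added example, not part of the Xerox bulletin, for administrators who want to confirm whether the glibc on a Linux host still carries the flaw. It follows the approach of the test program published with the original GHOST advisory: it places a canary string directly after a 1024-byte lookup buffer, then calls gethostbyname_r() with an all-digit host name sized so that the unpatched size calculation (which omits one char * of alias storage) accepts the buffer while the copy spills sizeof(char *) bytes into the canary. A patched glibc rejects the call with ERANGE and leaves the canary intact. The names ghost_check, temp and the canary text are this example's own choices.

```c
/* Added example: detect CVE-2015-0235 (GHOST) in the running glibc.
 * Not part of the Xerox bulletin; modelled on the advisory's test program. */
#define _GNU_SOURCE
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <string.h>

#define CANARY "in_the_coal_mine"

/* The canary sits immediately after the buffer handed to gethostbyname_r(),
 * so an overflow of even one byte past the buffer changes it. */
struct {
    char buffer[1024];
    char canary[sizeof(CANARY)];
} temp = { "buffer", CANARY };

enum ghost_result {
    GHOST_NOT_VULNERABLE = 0,  /* canary intact, glibc returned ERANGE */
    GHOST_VULNERABLE     = 1,  /* canary overwritten: unpatched glibc */
    GHOST_INCONCLUSIVE   = 2   /* canary intact, but unexpected return code */
};

int ghost_check(void)
{
    struct hostent resbuf;
    struct hostent *result;
    int herrno;
    int retval;

    /* Unpatched glibc sizes its need as
     *   sizeof(*host_addr) + sizeof(*h_addr_ptrs) + strlen(name) + 1
     * (16 bytes of address + 2 pointers + the name) and forgets one more
     * char *. A name of exactly this length fits that flawed calculation
     * while the real copy overruns the buffer by sizeof(char *) bytes. */
    size_t len = sizeof(temp.buffer) - 16 * sizeof(unsigned char)
                 - 2 * sizeof(char *) - 1;
    char name[sizeof(temp.buffer)];

    memset(name, '0', len);          /* digits only: takes the numeric path */
    name[len] = '\0';
    memcpy(temp.canary, CANARY, sizeof(CANARY));  /* reset for repeated calls */

    retval = gethostbyname_r(name, &resbuf, temp.buffer, sizeof(temp.buffer),
                             &result, &herrno);

    if (strcmp(temp.canary, CANARY) != 0)
        return GHOST_VULNERABLE;
    if (retval == ERANGE)
        return GHOST_NOT_VULNERABLE;
    return GHOST_INCONCLUSIVE;
}

int main(void)
{
    switch (ghost_check()) {
    case GHOST_VULNERABLE:
        puts("vulnerable: glibc overwrote memory past the caller's buffer");
        return 1;
    case GHOST_NOT_VULNERABLE:
        puts("not vulnerable: glibc rejected the lookup with ERANGE");
        return 0;
    default:
        puts("inconclusive: canary intact but unexpected return code");
        return 2;
    }
}
```

Build with `gcc ghost_check.c -o ghost_check` and run it on each host. A "not vulnerable" result only says the glibc loaded by this process is patched; services started before the update still map the old library and must be restarted before the host can be considered fixed.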
|What is Xerox Doing About This?||Xerox is continuing to monitor the situation and has completed a preliminary investigation of its devices. We are working with our suppliers to obtain the necessary patches, which we then integrate and test prior to releasing updates for those affected devices.|
|Potential Impact||A Ghost Vulnerability & Xerox Device Status Document, listing Xerox devices and their vulnerability status, is available here.|
|What Should You Do?||Anyone with a Linux client or server should check with their distribution for updates to the installed glibc and restart the affected services (or the system) after installing them. Customers with Xerox devices should take steps to isolate them from the open Internet if they have not done so already.
Please check back here for additional vulnerability and patch availability information on specific devices. We will update the Ghost Vulnerability & Xerox Device Status Document as changes to vulnerability status or patch availability occur.
Once a patch is available for your Xerox device you should follow the instructions to obtain and install it. Please refer to the Ghost Vulnerability & Xerox Device Status Document.|