|Name||Ghost Vulnerability Affects Linux Systems|
|First Publish Date||28-Jan-15|
|Description||A vulnerability in a Linux system library has been reported. Linux is one of the operating systems that many equipment manufacturers use inside their devices. The reported vulnerability allows attackers to remotely execute code (and potential malicious code) on systems which have not been patched. Such code has been shown to bypass all existing exploit protections available on both 32-bit and 64-bit systems. This vulnerability has been named “Ghost” by some researchers.|
|Status Report Number||Third Status Report published 25-Feb-15|
|What You Need To Know?||
The Ghost vulnerability carries the designation of CVE-2015-0235. It takes advantage of a weakness in a specific Linux operating system library (glibc) that interacts with the Domain Name System (DNS). A patch was issued two years ago but most Linux versions used in production systems remained unprotected. Patching requires a system restart so some servers may remain vulnerable for some time to come.
Please note that this vulnerability is extremely difficult to exploit and so far only one application, Exim (a mail transfer agent), has been shown to be exploitable. It’s possible others may be identified, however. Exploit code for Exim has not yet been published but is expected to be in the future. Although many network-facing applications screen URLs prior to using them, patching the glibc library is still recommended.
|What is Xerox Doing About This?||Xerox is continuing to monitor the situation and has completed an investigation of its devices. Patches will be made available shortly for all affected equipment (see below).|
|Potential Impact||While Xerox does use the Linux operating system in some cases, we do not use Exim on our devices and it is not possible to install it on any Xerox device. At the present time, this is a limited vulnerability for our devices. Patching is still recommended, however.|
|What Should You Do?||Anyone with a Linux client or server should check with your IT department or operating system provider for an update to your installed glibc library. Xerox recommends that all devices be connected to a firewall or router and not directly connected to the public Internet.
Please check back here for additional vulnerability and patch availability information on specific devices. We will update Ghost Vulnerability & Xerox Device Status Document as changes to patch availability occur.
nce a patch is available for your Xerox device you should follow the instructions to obtain and install the patch. Please refer to Ghost Vulnerability & Xerox Device Status Document for information on when those patches will be available.