CVE-2015-0235 GHOST: glibc vulnerability
Description
The open source library “glibc” contains a recently discovered vulnerability (CVE-2015-0235, commonly referred to as “GHOST”) that has been demonstrated to enable remote code execution in some software. Palo Alto Networks software makes use of the vulnerable library; however, there is no known exploitable condition in PAN-OS software enabled by this vulnerability at the time of this advisory. An update to PAN-OS that addresses CVE-2015-0235 will be made available in a regularly scheduled software maintenance update. (Ref # 74443)
The exploitability of CVE-2015-0235 on vulnerable systems is highly dependent on the architecture and design surrounding use of the vulnerable functions within the system, and exploitable conditions found across various open source software libraries have so far been exceedingly rare. At the time of this advisory, Palo Alto Networks is not aware of any specific remotely exploitable condition enabled by this vulnerability that affects any Palo Alto Networks products.
This issue affects PAN-OS versions prior to PAN-OS 7.0.1.
Product Status
Versions | Affected | Unaffected |
---|---|---|
PAN-OS 7.0 | None | >= 7.0.1 |
Severity: NONE
CVSSv3.1 Base Score: 0 (CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:N/I:N/A:N)
Weakness Type
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
Solution
PAN-OS 7.0.1
Workarounds and Mitigations
N/A