000029506 - GNU C Library Buffer Overflow aka "GHOST" Vulnerability (CVE-2015-0235) in RSA products

Document created by RSA Customer Support Employee on Jun 14, 2016

Article Content

Article Number: 000029506
Applies To: All RSA products
Issue: On January 27, 2015, a vulnerability in the Linux glibc library was publicly announced. Researchers at Qualys discovered a heap-based buffer overflow (also known as the "GHOST" vulnerability) in glibc's __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could potentially use this flaw to execute arbitrary code with the permissions of the user running the application.
This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2015-0235. Details are available in the Qualys advisory:
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
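The advisory leaves the "is my host patched?" question to the OS vendor. As an added example (not part of this RSA advisory and not RSA code), the following Python script classifies a host's glibc against the upstream fix: the __nss_hostname_digits_dots() overflow was fixed in upstream glibc 2.18, so a version of 2.18 or later is clean, while anything older is only potentially affected because distributions such as RHEL 6 and Debian 7 shipped older glibc with the fix backported. The sample `ldd --version` lines are constructed for illustration, not captured from real systems, and the backport caveat means the "potentially-affected" result must be resolved by checking the installed package changelog, never treated as a final verdict.

```python
import re
import subprocess

# Upstream glibc 2.18 carries the fix for the __nss_hostname_digits_dots()
# overflow (CVE-2015-0235); every earlier upstream release contains the bug.
FIXED_UPSTREAM = (2, 18)

# Constructed sample first lines of `ldd --version` (illustrative, not
# captured from real hosts). The distribution string sits in parentheses and
# the upstream glibc version is the last token on the line.
SAMPLE_LDD_OUTPUTS = {
    "rhel6-like": "ldd (GNU libc) 2.12\nCopyright (C) 2010 Free Software Foundation, Inc.\n",
    "debian7-like": "ldd (Debian GLIBC 2.13-38+deb7u7) 2.13\n",
    "ubuntu14-like": "ldd (Ubuntu EGLIBC 2.19-0ubuntu6.6) 2.19\n",
    "recent": "ldd (GNU libc) 2.31\n",
}


def parse_glibc_version(ldd_output):
    """Return (major, minor) parsed from the first line of `ldd --version`,
    or None when no version can be found."""
    stripped = ldd_output.strip()
    first_line = stripped.splitlines()[0] if stripped else ""
    match = re.search(r"(\d+)\.(\d+)\s*$", first_line)
    if not match:
        return None
    return int(match.group(1)), int(match.group(2))


def assess(version):
    """Classify an upstream glibc version against the CVE-2015-0235 fix.

    "fixed-upstream"       - 2.18 or later: the overflow is not present
    "potentially-affected" - older than 2.18: the distribution may have
                             backported the fix, so the package changelog
                             must be checked before the host is called safe
    "unknown"              - the version could not be determined
    """
    if version is None:
        return "unknown"
    if version >= FIXED_UPSTREAM:
        return "fixed-upstream"
    return "potentially-affected"


def assess_ldd_output(ldd_output):
    """Convenience wrapper: parse then classify one `ldd --version` output."""
    return assess(parse_glibc_version(ldd_output))


def assess_local_host():
    """Run `ldd --version` on this machine and classify the result."""
    try:
        completed = subprocess.run(
            ["ldd", "--version"], capture_output=True, text=True, check=False
        )
    except OSError:
        return "unknown"
    return assess_ldd_output(completed.stdout)


if __name__ == "__main__":
    for label, output in SAMPLE_LDD_OUTPUTS.items():
        print(f"{label:14s} glibc {parse_glibc_version(output)} -> {assess_ldd_output(output)}")
    print("this host      ->", assess_local_host())
```

Run it on a host to get a first triage of the installed glibc; on distribution kernels that report 2.12 or 2.13, follow up with the package manager's changelog (for example `rpm -q --changelog glibc` or `apt-get changelog libc6`) to confirm whether the vendor's backported fix is installed.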
 
Resolution: RSA is aware of and investigating this issue to identify the product impact. The level of impact may vary depending on the affected product. The following table contains the latest available impact information. This table will be updated as additional information becomes available.
 
RSA Product Name | Versions | Impacted? | Details | Last Updated
---------------- | -------- | --------- | ------- | ------------
3D Secure / Adaptive Authentication eCommerce | ALL Supported | Impacted - Remediated | | 3/2/2015
Access Manager | ALL Supported | Not impacted | Access Manager ships as software only and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host | 1/29/2015
Adaptive Authentication Hosted | ALL Supported | Impacted - Remediated | | 3/2/2015
Adaptive Authentication On Prem | ALL Supported | Not Impacted | AAoP is software only and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host | 2/10/2015
Archer Hosted | N/A | Investigating | |
Archer Platform | ALL Supported | Not impacted | Archer (Platform) ships as software only and does not support Linux OS | 2/10/2015
Archer SecOps | ALL Supported | Not impacted | | 1/28/2015
Archer Vulnerability & Risk Manager (VRM) | ALL Supported | Impacted | VRM is impacted only via Security Analytics Warehouse (SAW); please refer to SAW assessment and remediation | 2/27/2015
Authentication Manager Software Platform | 6.1 | Not impacted | | 1/28/2015
Authentication Manager Software Platform | 7.1 | Not impacted | | 1/28/2015
Authentication Manager Appliance | 3.0.4 | Impacted | The product contains the vulnerable version of glibc, but, based on RSA's analysis, it is not believed to be exploitable. For details, refer to KB article 000029576 | 2/18/2015
Authentication Manager Appliance | 8.1.1 (and earlier) | Impacted | The product contains the vulnerable version of glibc, but, based on RSA's analysis, it is not believed to be exploitable. For details, refer to KB article 000029576 | 2/18/2015
Authentication Manager Express | 1.0 | Impacted | The product contains the vulnerable version of glibc, but, based on RSA's analysis, it is not believed to be exploitable. For details, refer to KB article 000029576 | 2/18/2015
BSAFE | ALL Supported | Not impacted | BSAFE ships as toolkit only and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host | 1/29/2015
Data Loss Protection | 9.5.x & 9.6.x | Impacted | This issue has been resolved with patches for DLP 9.5.x and 9.6.x | 3/25/2015
Data Protection Manager | 3.2.x & 3.5.x | Impacted | This issue has been resolved with patches 3.2.4.4.1 and 3.5.2.3 | 3/17/2015
Digital Certificate Solution | ALL Supported | Not impacted | DCS ships as software only and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host | 1/29/2015
ECAT | ALL Supported | Not impacted | | 1/29/2015
enVision | ALL Supported | Not impacted | | 1/29/2015
Federated Identity Manager | ALL Supported | Not impacted | FIM ships as software only and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host | 1/29/2015
FraudAction | ALL Supported | Investigating | |
IMG (Aveksa) MyAccess Live | ALL Supported | Impacted - Remediated | | 2/27/2015
IMG (Aveksa) On-Prem Platform | ALL Supported | Impacted | This issue will be resolved with patches 6.9.0 P03 (tentative target date early Mar) and 6.8.1 P13 (tentative target date late Mar) | 2/27/2015
IMG (Aveksa) Appliance | ALL Supported | Impacted - Remediated | Updated the patch appliance updater for download | 1/30/2015
IMG (Aveksa) StealthAudit | ALL Supported | Not impacted | | 1/30/2015
Netwitness | 9.6.x, 9.7.x, 9.8.x | Impacted - Remediated | This issue has been resolved with Q4 2014 Security Patch | 2/23/2015
Netwitness Informer | 1.x | Not impacted | | 1/29/2015
RSA Central | ALL Supported | Impacted | Remediation plan in progress | 1/29/2015
RSA Live Infrastructure | ALL Supported | Impacted - Remediated | | 1/29/2015
SecurID Agent for PAM | ALL Supported | Not impacted | | 1/28/2015
SecurID Agent for Web | ALL Supported | Not impacted | | 1/28/2015
SecurID Agent for Windows | ALL Supported | Not impacted | | 1/28/2015
SecurID Authentication Engine | ALL Supported | Not impacted | | 1/29/2015
SecurID Authentication SDK | ALL Supported | Not impacted | | 1/28/2015
SecurID Software Token Converter | ALL Supported | Not impacted | | 1/28/2015
SecurID Software Token for Android | ALL Supported | Not impacted | | 1/29/2015
SecurID Software Token for Blackberry | ALL Supported | Not impacted | | 1/29/2015
SecurID Software Token for Desktop | ALL Supported | Not impacted | | 1/28/2015
SecurID Software Token for iPhone | ALL Supported | Not impacted | | 1/29/2015
SecurID Software Token for Windows Mobile | ALL Supported | Not impacted | | 1/29/2015
SecurID Software Token Toolbar | ALL Supported | Not impacted | | 1/28/2015
SecurID Software Token Web SDK | ALL Supported | Not impacted | | 1/28/2015
SecurID Transaction Signing SDK | ALL Supported | Not impacted | | 1/28/2015
Security Analytics Platform (Physical and Virtual Appliances) | 10.0.x-10.4.x | Impacted - Remediated | This issue has been resolved with Q4 2014 Security Patch | 2/23/2015
Security Analytics Malware Analytics | 10.0.x-10.4.x | Impacted - Remediated | This issue has been resolved with Q4 2014 Security Patch | 2/23/2015
Security Analytics Malware Cloud | N/A | Impacted - Remediated | | 1/29/2015
Security Analytics (Windows Legacy Collector) | 10.0.x-10.4.x | Not impacted | |
Security Analytics Warehouse (DCA Pivotal) | | Impacted | Please follow guidance from Pivotal | 1/29/2015
Security Analytics Warehouse (MapR) | | Impacted - Remediated | This issue has been resolved with Q4 2014 Security Patch | 2/23/2015
Spectrum | 1.x | Impacted - Remediated | This issue has been resolved with Q4 2014 Security Patch | 2/23/2015
Web Threat Detection (Silvertail) | ALL Supported | Not Impacted | WTD is a software application and does not ship with Linux OS. Follow OS vendor guidelines to patch underlying host | 2/10/2015

Notes

Disclaimer
Read and use the information in this RSA Security Advisory to assist in avoiding any situation that might arise from the problems described herein. If you have any questions regarding this product alert, contact RSA Software Technical Support at 1-800-995-5095. RSA Security LLC distributes RSA Security Advisories in order to bring important security information to the attention of users of the affected RSA products. RSA recommends that all users determine the applicability of this information to their individual situations and take appropriate action. The information set forth herein is provided 'as is' without warranty of any kind. RSA disclaims all warranties, either express or implied, including the warranties of merchantability, fitness for a particular purpose, title and non-infringement. In no event shall RSA or its suppliers be liable for any damages whatsoever, including direct, indirect, incidental, consequential, loss of business profits or special damages, even if RSA or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages, so the foregoing limitation may not apply.
