Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.105264
Category:Palo Alto PAN-OS Local Security Checks
Title:Palo Alto PAN-OS PAN-SA-2015-0002
Summary:The open source library 'glibc' has been;found to contain a recently discovered vulnerability (CVE-2015-0235, commonly;referred to as 'GHOST') that has been demonstrated to enable remote code;execution in some software. Palo Alto Networks software makes use of the;vulnerable library, however there is no known exploitable condition in PAN-OS;software enabled by this vulnerability at the time of this advisory. An update;to PAN-OS will be made available that addresses CVE-2015-0235 in a regularly;scheduled software maintenance update. (Ref # 74443)
Description:Summary:
The open source library 'glibc' has been
found to contain a recently discovered vulnerability (CVE-2015-0235, commonly
referred to as 'GHOST') that has been demonstrated to enable remote code
execution in some software. Palo Alto Networks software makes use of the
vulnerable library, however there is no known exploitable condition in PAN-OS
software enabled by this vulnerability at the time of this advisory. An update
to PAN-OS will be made available that addresses CVE-2015-0235 in a regularly
scheduled software maintenance update. (Ref # 74443)

Vulnerability Impact:
An attacker can exploit this issue to execute arbitrary code in the
context of the affected application. Failed exploit attempts may crash the application, denying service
to legitimate users.

Affected Software/OS:
PAN-OS versions prior to PAN-OS 7.0.1

Solution:
Please ask the vendor for a patch or workaround

CVSS Score:
10.0

CVSS Vector:
AV:N/AC:L/Au:N/C:C/I:C/A:C

Cross-Ref: BugTraq ID: 72325
Common Vulnerability Exposure (CVE) ID: CVE-2015-0235
http://lists.apple.com/archives/security-announce/2015/Jun/msg00002.html
http://lists.apple.com/archives/security-announce/2015/Sep/msg00008.html
http://lists.apple.com/archives/security-announce/2015/Oct/msg00005.html
http://www.securityfocus.com/bid/72325
BugTraq ID: 91787
http://www.securityfocus.com/bid/91787
Bugtraq: 20150127 GHOST gethostbyname() heap overflow in glibc (CVE-2015-0235) (Google Search)
http://seclists.org/oss-sec/2015/q1/269
Bugtraq: 20150127 Qualys Security Advisory CVE-2015-0235 - GHOST: glibc gethostbyname buffer overflow (Google Search)
http://seclists.org/oss-sec/2015/q1/274
Bugtraq: 20150311 OpenSSL v1.0.2 for Linux affected by CVE-2015-0235 (Google Search)
http://www.securityfocus.com/archive/1/534845/100/0/threaded
Bugtraq: 20190613 SEC Consult SA-20190612-0 :: Multiple vulnerabilities in WAGO 852 Industrial Managed Switch Series (Google Search)
https://seclists.org/bugtraq/2019/Jun/14
Cisco Security Advisory: 20150128 GNU glibc gethostbyname Function Buffer Overflow Vulnerability
http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20150128-ghost
Debian Security Information: DSA-3142 (Google Search)
http://www.debian.org/security/2015/dsa-3142
http://seclists.org/fulldisclosure/2015/Jan/111
http://seclists.org/fulldisclosure/2019/Jun/18
http://seclists.org/fulldisclosure/2021/Sep/0
https://security.gentoo.org/glsa/201503-04
HPdes Security Advisory: HPSBGN03247
http://marc.info/?l=bugtraq&m=142296726407499&w=2
HPdes Security Advisory: HPSBGN03270
http://marc.info/?l=bugtraq&m=142781412222323&w=2
HPdes Security Advisory: HPSBGN03285
http://marc.info/?l=bugtraq&m=142722450701342&w=2
HPdes Security Advisory: HPSBHF03289
http://marc.info/?l=bugtraq&m=142721102728110&w=2
HPdes Security Advisory: HPSBMU03330
http://marc.info/?l=bugtraq&m=143145428124857&w=2
HPdes Security Advisory: SSRT101937
HPdes Security Advisory: SSRT101953
http://www.mandriva.com/security/advisories?name=MDVSA-2015:039
http://packetstormsecurity.com/files/130171/Exim-ESMTP-GHOST-Denial-Of-Service.html
http://packetstormsecurity.com/files/130768/EMC-Secure-Remote-Services-GHOST-SQL-Injection-Command-Injection.html
http://packetstormsecurity.com/files/130974/Exim-GHOST-glibc-gethostbyname-Buffer-Overflow.html
http://packetstormsecurity.com/files/153278/WAGO-852-Industrial-Managed-Switch-Series-Code-Execution-Hardcoded-Credentials.html
http://packetstormsecurity.com/files/164014/Moxa-Command-Injection-Cross-Site-Scripting-Vulnerable-Software.html
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt
http://www.openwall.com/lists/oss-security/2021/05/04/7
RedHat Security Advisories: RHSA-2015:0126
http://rhn.redhat.com/errata/RHSA-2015-0126.html
http://www.securitytracker.com/id/1032909
http://secunia.com/advisories/62517
http://secunia.com/advisories/62640
http://secunia.com/advisories/62667
http://secunia.com/advisories/62680
http://secunia.com/advisories/62681
http://secunia.com/advisories/62688
http://secunia.com/advisories/62690
http://secunia.com/advisories/62691
http://secunia.com/advisories/62692
http://secunia.com/advisories/62698
http://secunia.com/advisories/62715
http://secunia.com/advisories/62758
http://secunia.com/advisories/62812
http://secunia.com/advisories/62813
http://secunia.com/advisories/62816
http://secunia.com/advisories/62865
http://secunia.com/advisories/62870
http://secunia.com/advisories/62871
http://secunia.com/advisories/62879
http://secunia.com/advisories/62883
CopyrightThis script is Copyright (C) 2015 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.