Is Netreo vulnerable to the Ghost exploit?

In January 2015, Qualys announced the existence of security vulnerability CVE-2015-0235 (also known as Ghost) in one of the underlying libraries that is used in almost all Linux-based operating systems.

This is a serious vulnerability in one of the most central software libraries in Linux and Unix (glibc), and affects almost all executable programs that use DNS or name lookups. A remote attacker able to call either of the compromised functions could exploit the flaw to execute arbitrary code with the permissions of the user running the application.

In a later post, Qualys researchers enumerated applications they believed were not vulnerable. Those apps include Apache, OpenSSH, and Postfix, which are the only applications used by Netreo that are accessible over the network.

Based on our most current testing and research, as well as our “defense-in-depth” security implementation on the Netreo appliance, we believe that a standard deployment of Netreo is not vulnerable to this exploit at this time. However, it is possible as new information is discovered that novel ways to exploit the vulnerability may be found. For this reason, Netreo is preparing at the time of this writing (January 28, 2015) a software patch to replace the vulnerable libraries in all of the applications present on the Netreo software image. A notice will be emailed out to all customers on the Netreo Software Announcements mailing list as soon as a patch is available to install.

In practice, the risk of this type of exploit for Netreo customers is very low anyway, as Netreo is typically deployed behind the customer firewall and is not publicly accessible to outside attackers. Netreo also includes intrusion prevention technology to dynamically respond to attempts to gain unauthorized access. Please see the Netreo Appliance Security page for more information.

If you have any concerns, please feel free to contact Netreo Support.