Cybersecurity Alert: GNU glibc Vulnerability Discovered That May Impact Many Products

February 19, 2016

Threat Summary

On February 16, 2016, Google Research and others announced a GNU C library (glibc) vulnerability that potentially affects countless software products. Google published a blog post containing further technical details of the vulnerability.

This vulnerability could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition or execute arbitrary code on an affected system.

Cisco®, RedHat, and Ubuntu, in addition to other popular vendors, released "High" priority alerts regarding this vulnerability. Most vendors are still determining which products are affected, and we expect these vendors to confirm that products are not affected and/or to release software patches for any affected products.

For details on the glibc vulnerability, see the National Institute of Standards and Technology's vulnerability details.

Affected Products

This vulnerability affects glibc versions 2.9 and later. In particular, glibc is widely used across Linux/Unix-based software. In addition, software that performs domain resolution and that uses a version of glibc that was affected at the time the software was created may be impacted. We expect that a significant amount of networking and server software could be impacted.

RedHat has released a patch for Linux systems running RHEL, and updates are similarly available for CentOS. Ubuntu has also posted a patch.

Most major networking device manufacturers have released or are expected to release guidance on whether products are impacted, as these devices often run Linux or Linux variants. We recommend checking the latest support sites for your vendors to determine if any of their products are impacted and if a patch is available. The following vendors have made announcements regarding the glibc vulnerability:

  • Cisco is currently investigating which of its products incorporate the affected glibc versions and will update its security advisory as products are identified. ASA devices are still under investigation.
  • Sophos - Sophos UTM XG Firewall and Sophos UTM Manager may be impacted with patches expected by March 3, 2016.
  • F5 Networks released details that certain products may be vulnerable and should be patched.
  • Juniper Networks - ScreenOS and Junos devices do not appear to be impacted.
  • Dell SonicWALL does not believe any of their products are impacted.
  • Check Point Software confirmed that most of their products are not vulnerable.

Major intrusion detection providers have released definitions to detect and prevent attacks. Palo Alto Networks released Content Update #560 to help mitigate and detect potential exploitation.

ACA Aponix Recommendation

ACA Aponix recommends periodically checking with key vendors on whether their products/software are impacted and if a patch needs to be applied. Further details about this vulnerability and impacted products should become available in the coming days.

Additionally, ACA Aponix recommends ensuring the latest IDS/IPS definition updates are applied to help detect and mitigate exploitation of this vulnerability.

Please reach out to us if you have any questions: info@acaaponix.com