SA40021 - GHOST glibc gethostbyname() buffer overflow (CVE-2015-0235)

A buffer overflow vulnerability has been discovered in the glibc library. This issue is known as CVE-2015-0235 and is commonly referred to as "GHOST". The issue was found in the gethostbyname() and gethostbyname2() functions in within the glibc library. If vulnerable, this issue could potentially allow an attacker to gain remote code execution with the privilege of the user of the exploited application or service.

 

Product	Status
Pulse Connect Secure	Not Vulnerable
Pulse Policy Secure	Not Vulnerable
Pulse Secure Desktop client (Windows & Mac OS X)	Not Vulnerable
Network Connect for Windows and Mac OS X	Not Vulnerable
Network Connect for Linux	Not Vulnerable *As long as the client operating system is patched to resolve the ghost issue
Installer Service	Not Vulnerable
Pulse Secure Mobile (Android and iOS)	Not Vulnerable
Odyssey Access Client	Not Vulnerable
SBR Enterprise Edition	Not Vulnerable *As long as the client operating system is patched to resolve the ghost issue

Document history:
Jan. 28th, 2015 01:00PM PT- Initial document posting
Jan. 28th, 2015 02:30PM PT- Updated product information
Mar. 8th, 2015 11:45AM PT- Updated product status
Mar. 25th, 2015 09:00AM PT - Updated Network Connect for Linux and SBR Enterprise Edition status.