A vulnerability has been recently disclosed in the glibc gethostbyname() function used by some Linux and Linux-based operating systems. This vulnerability could potentially allow an attacker to inject code into a process that calls the vulnerable function
Critical
PLYGN15-01
01/29/2015
03/11/2022
Poly
CVE-2015-0235, aka “GHOST”
A heap-based buffer overflow was found in the __nss_hostname_digits_dots function of glibc 2.2, and other 2.x versions before 2.18, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker could potentially inject code into a process that calls the vulnerable functions to execute arbitrary code.
CVE ID |
CVS 3.0 |
Severity |
Vector |
---|---|---|---|
CVE-2015-0235 |
10 |
Critical |
CVSS: 2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C |
Learn more about CVSS 3.0 base metrics, which range from 0 to 10.
Insert the Solution section information here.
Although there may be multiple attack vectors by which this vulnerability can be exploited, it seems to be challenging to exploit. Poly products do not make typical use of the most likely vectors of attack: MTAs, web-reachable diagnostic tools, or client applications such as web browsers.
Exploitation of this glibc vulnerability would require that a program on your Poly device performs a lookup of a host name provided by an attacker via a compromised DNS server.
The lookup would need to be done in a very particular manner and must lack some commonly employed sanity checks. Further, gethostbyname () functions have been obsoleted within
IPv6-supported applications by way of the getaddrinfo () call. We are continuing to investigate whether this completely mitigates the impact of this vulnerability on certain Poly devices.
An effective mitigation strategy will incorporate techniques both from within the product and within the deployment architecture. Steps that may be taken include but are not limited to: Protect your systems from corrupted outside servers via network firewalling or separation. Protect your systems from unauthorized access with named accounts and complex passwords. Use firewalls or VLAN’s to limit scope of name lookups. Use IP addresses rather than names where possible. Use IPv6 where possible.
There is no workaround.
Identify the affected products for this issue.
PRODUCT |
STATUS |
---|---|
Media Manager – All Versions |
Not Vulnerable |
CX5000 – All Versions |
Not Vulnerable |
Video Border Proxy (VBP) – All Versions |
Patches available - 11.2.23 and 14.2.0.1 |
CX Product Line, All Other Video Versions |
Not Vulnerable |
RealPresence Desktop – All Versions |
Fix coming in 3.5 - December |
Group Series – All Versions |
Not Vulnerable |
Real Presence Capture Server |
Fix coming in 2.5 |
RealPresence Access Director (RPAD) – All Versions |
Web Fixed in 4.2.1, SSH can be disabled with future fix coming |
CloudAXIS MEA – All Versions |
Fix coming in 2.1 – December |
CloudAXIS WSP – All Versions |
Fix coming in 2.1 - December |
Platform Director – All Versions |
Fixed in 2.0 |
HDX – All Versions |
Not Vulnerable |
RealPresence Resource Manager (RPRM) |
Fix coming in 9.0* - December |
RSS 4000 – All Versions |
Investigating |
Distributed Media Application (DMA) – All Versions |
Web UI not vulnerable, SSH can be disabled with future fix coming in 9.0* |
Content Sharing Suite Client/Server – All Versions |
Fix coming in 1.5.1 - December |
RealPresence Collaboration Server (RMX) – All Versions |
Fix available in 8.6.2 and 8.5.4 |
RealPresence Mobile – All Versions |
Fix coming in 3.5 - December |
UC Phones – VVX - All Versions |
Not Vulnerable |
UC Phones – SPIP & SSIP – All Versions |
Not Vulnerable |
This document has been revised according to the following information.
Version |
Description |
Date |
---|---|---|
3.0 |
44631 |
Format Changes |
2.0 |
42300 |
Final – Updated fixed status on all products |
1.9 |
42143 |
Updated fix and release information |
1.8 |
42124 |
Updated fix and release information |
1.7 |
42114 |
Updated fix and release information |
1.6 |
42104 |
Updated fix and release information |
1.5 |
42079 |
Updated fix and release information |
1.4 |
42062 |
RPAD returned to NOT VULNERABLE, better detail on phones |
1.3 |
42059 |
Many Products Added; Some Edits |
1.2 |
42039 |
New Products Added |
1.1 |
NA |
Unpublished |
1.0 |
42033 |
Original publication |
Follow these links for additional information.
Third-party security patches that are to be installed on systems running Poly software products should be applied in accordance with the customer's patch management policy.
Any customer using an affected system who is concerned about this vulnerability within their deployment should contact Poly Technical Support – (888) 248-4143, (916) 928-7561, or visit the Poly Support Site.
To view released Security Bulletins, visit https://support.hp.com/security-bulletins.
It is strongly recommended that security related information being communicated to HP be encrypted using PGP, especially exploit information.
©2022 Plantronics, Inc. All rights reserved.
TrademarksPoly, the propeller design, and the Poly logo are trademarks of Plantronics, Inc. All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient's personal use, without the express written permission of Poly.
DisclaimerWhile Poly uses reasonable efforts to include accurate and up-to-date information in this document, Poly makes no warranties or representations as to its accuracy. Poly assumes no liability or responsibility for any typographical errors, out of date information, or any errors or omissions in the content of this document. Poly reserves the right to change or update this document at any time. Individuals are solely responsible for verifying that they have and are using the most recent Technical Bulletin.
Limitation of LiabilityPoly and/or its respective suppliers make no representations about the suitability of the information contained in this document for any purpose. Information is provided "as is" without warranty of any kind and is subject to change without notice. The entire risk arising out of its use remains with the recipient. In no event shall Poly and/or its respective suppliers be liable for any direct, consequential, incidental, special, punitive, or other damages whatsoever (including without limitation, damages for loss of business profits, business interruption, or loss of business information), even if Poly has been advised of the possibility of such damages.