Skip to content
  • There are no suggestions because the search field is empty.

ESA-2015-009: RSA Security Analytics and RSA NetWitness Security Update for GNU C Library GHOST Vulnerability and multiple Embedded Component Vulnerabilities

Tags: RSA NetWitness Platform, Security Advisories

Advisory Type

Security


Advisory Content

EMC Identifier: ESA-2015-009

CVE Identifier: CVE-2015-0235, CVE-2014-2532, CVE-2014-3185, CVE-2014-3513, CVE-2014-3567, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646, CVE-2014-3566, CVE-2014-6271, CVE-2014-8080, CVE-2014-8090, CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296

Severity Rating: CVSS v2 Base Score: See NVD (http://nvd.nist.gov/) for individual scores for each CVE

Affected products: 

  • RSA Security Analytics 10.4.x
  • RSA Security Analytics 10.3.x
  • RSA Security Analytics 10.2.x
  • RSA Security Analytics 10.1.x
  • RSA Security Analytics 10.0.x
  • RSA NetWitness 9.8.x
  • RSA NetWitness 9.7.x
  • RSA NetWitness 9.6.x


Summary:

The buffer overflow vulnerability in glibc (aka the ""GHOST"" vulnerability) could be potentially exploited remotely to run arbitrary code on RSA Security Analytics and RSA NetWitness systems. And multiple embedded components within RSA Security Analytics and RSA NetWitness also require a security update to address various vulnerabilities. 

Details: 

On January 27, 2015, a vulnerability was publicly announced in the Linux glibc library. The researchers at Qualys discovered a heap-based buffer overflow (also known as ""GHOST"" vulnerability) in  glibcs __nss_hostname_digits_dots() function, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker able to make an application call either of these functions could use this flaw to execute arbitrary code with the permissions of the user running the application.

This vulnerability has been assigned the Common Vulnerabilities and Exposures (CVE) ID CVE-2015-0235. The details for this vulnerability can be found using the link to Qualys Advisory https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

Multiple embedded components are updated for the following vulnerabilities:

  • Kernel: CVE-2014-3185, CVE-2014-3611, CVE-2014-3645, CVE-2014-3646
  • NTP: CVE-2014-9293, CVE-2014-9294, CVE-2014-9295, CVE-2014-9296
  • OpenSSL: CVE-2014-3513, CVE-2014-3567, CVE-2014-3566
  • Ruby: CVE-2014-8080, CVE-2014-8090
  • OpenSSH:CVE-2014-2532
  • GNU Bash: CVE-2014-6271

Recommendation:

RSA strongly recommends that Security Analytics and NetWitness customers install this release at the earliest opportunity. Please see the release notes for additional information.