Skip to Main Content
Utimaco Homepage
Register
Sign In
HSM Simulator
Support
Support
Documentation
Open a RMA Case
Security Advisories
CVE-2015-0235 aka "GHOST"
Security Advisories
Security Advisories and Updates
CVE-2015-0235 aka "GHOST"
Eric Barmeyer
Published Date
9 Years Ago - 20444 Views
Utimaco has become aware of vulnerability
CVE-2015-0235
aka "GHOST" affecting “gethostbyname” functions of Linux library glibc. Analysis of the impact of GHOST on Utimaco HSM products has led to the following conclusions:
Utimaco’s “CryptoServer LAN” appliances embed a vulnerable version of glibc. The GHOST vulnerability cannot be exploited due to the intentionally limited functionality of the CryptoServer LAN hardened Operating System and further mitigating factors.
Furthermore, some tools and libraries delivered with Utimaco’s HSM product packages call the affected gethostbyname() function. These software modules load glibc dynamically at runtime. Although keys stored inside the HSM cannot be retrieved by an attacker, he might gain access to other data if the host computer relies on an affected version of glibc. We therefore strongly recommend upgrading host systems to glibc version 2.18 or above.
More Blog Entries
CVE-2015-0235 aka "GHOST"
Eric Barmeyer
30 Sep
Hidden