Still have questions?
- Contact our Support team.
- VersionOne Application Vulnerability Scan Repository
- Was VersionOne affected by Cisco ASA Software IKEv1 and IKEv2 Buffer Overflow Vulnerability?
- Was VersionOne affected by the Adobe Flash Security Vulnerability?
- Was VersionOne affected by the FREAK SSL/TLS Vulnerability CVE-2015-0204
- Was VersionOne affected by the Heartbleed security vulnerability?
GHOST is a 'buffer overflow' bug affecting the
gethostbyname2() function calls in the glibc library. This vulnerability allows a remote attacker that is able to make an application call to either of these functions to execute arbitrary code with the permissions of the user running the application.
gethostbyname() function calls are used for DNS resolving, which is a very common event. To exploit this vulnerability, an attacker must trigger a buffer overflow by supplying an invalid hostname argument to an application that performs a DNS resolution.
The VersionOne application itself does not run on Unix or Linux based servers, therefore the application is not impacted. In our hosting environment, we utilize F5 BIG-IP LTM load balancers version 10.2.4. The F5's are only accessible by Rackspace personnel over a secure network. The F5 vendor is currently working on a patch to remediate the glbic vulnerability CVE-2015-0235. Once the patch is provided, Rackspace will update the load balancers accordingly.
F5 Support Link: https://support.f5.com/kb/en-us/solu.../sol16057.html