Ghost – glibc gethostbyname* buffer overflow

In case you missed it, on January 27th, 2015 a buffer overflow vulnerability in the glibc gethostbyname() function was disclosed. The issue is identified by CVE-2015-0235 and was given the name �Ghost.� The VMware Security Engineering, Communications, and Response group (vSECR) began investigating this issue immediately. The security blog at VMware released a blog post […]]> In case you missed it, on January 27th, 2015 a buffer overflow vulnerability in the glibc gethostbyname() function was disclosed. The issue is identified by CVE-2015-0235 and was given the name �Ghost.�

The VMware Security Engineering, Communications, and Response group (vSECR) began investigating this issue immediately.

The security blog at VMware released a blog post concerning this vulnerability, and a KB article was published:

VMware Response to CVE-2015-0235 – glibc gethostbyname buffer overflow, aka “Ghost� (2105862).

VMware has an established software security engineering group that integrates these techniques into the software development cycle, provides security expertise, guidance on the latest security threats and defensive techniques, and training within the development organization. This group is also responsible for driving VMware products through external security accreditations and certifications.

Many VMware products, including vSphere™, VMware vCenter™ Server, and vCloud Networking and Security (vCNS) have achieved Common Criteria certification under the Common Criteria Evaluation and Certification Scheme (CCS).Common Criteria is an international set of guidelines (ISO 15408) that provides a common framework for evaluating security features and capabilities of Information Technology (IT) security products.

For more information, visit VMware’s Common Criteria and FIPS-140 Certifications.

from VMware Blogs http://bit.ly/1zX8kFE