PRODUCTS

Sophos products and the GHOST vulnerability affecting Linux

In the last couple of days, a widespread Linux vulnerability known as GHOST has been receiving a lot of attention in the security community. In theory, this vulnerability can allow an attacker to remotely execute code on a Linux computer. There is already proof of concept code that puts this theory into practice, and it is expected that real world attacks are just around the corner.

The Sophos product teams have been thoroughly investigating to determine which of our products are affected and what is necessary to address those that are.

Many Sophos products do not use Linux, or the glibc software at the heart of the vulnerability, and are therefore unaffected. This includes Sophos Endpoint Protection (Antivirus) for Windows, Mac and Unix; Secure Email Gateway; PureMessage for Microsoft Exchange; Mobile Control and likely others that we are still verifying.

However, Sophos UTM, Sophos UTM Manager (SUM), Secure Web Gateway, Sophos Secure OS for AWS, the Sophos Cloud management infrastructure, and the SAV for vShield virtual appliance are all built on the Linux platform and include the glibc software that is responsible for the vulnerability.

The extent to which this vulnerability can be exploited varies from product to product. In all cases, the product teams are working quickly to update vulnerable software. For information about update availability, see this knowledgebase article. The new Up2Date package for Sophos UTM 9.3 introduces several fixes to our current UTM platform, including an update for glibc to fix potential vulnerability (GHOST, CVE-2015-0235). Please read the article here.

Our products that customers install and run on their own installations of Linux (e.g., SAV for Linux, PureMessage for Unix) are not believed to introduce a vulnerability. However, the customer’s underlying Linux system may be vulnerable. Customers are encouraged to test and install vendor-supplied security patches for their Linux distributions to protect against GHOST and other vulnerabilities.

SophosLabs is monitoring for methods and attacks targeting this vulnerability and will use the full capabilities of our product line to deliver protection for customers.

Please see this knowledgebase article for the latest information on which products and versions are affected and what, if any, actions are required for customers to remain secure. To learn more about the GHOST vulnerability, read the excellent write-up on Naked Security.

You can read the original article here.