Palo Alto Networks PAN-OS <= 5.0.15 / 6.0.x <= 6.0.8 / 6.1.x <= 6.1.2 GNU C Library (glibc) Buffer Overflow (GHOST)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote host is affected by a buffer overflow vulnerability.

Description :

The remote host is running a version of Palo Alto Networks PAN-OS
equal to or prior to 5.0.15 / 6.0.8 / 6.1.2. It is, therefore,
affected by a heap-based buffer overflow in the GNU C Library (glibc)
caused by improper validation of user-supplied input in the glibc
functions __nss_hostname_digits_dots(), gethostbyname(), and
gethostbyname2(). This allows a remote attacker to cause a buffer
overflow, resulting in a denial of service condition or the execution
of arbitrary code.

See also :

https://securityadvisories.paloaltonetworks.com/Home/Detail/29
http://www.nessus.org/u?c7a6ddbd

Solution :

As of 2015/03/10, the vendor has not yet provided a patch.

Please contact the vendor regarding a patch or workaround.

Risk factor :

High / CVSS Base Score : 7.6
(CVSS2#AV:N/AC:H/Au:N/C:C/I:C/A:C)
CVSS Temporal Score : 6.3
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: Palo Alto Local Security Checks

Nessus Plugin ID: 81167

Bugtraq ID: 72325

CVE ID: CVE-2015-0235
