Patching for Linux glibc Ghost Vulnerability Completed

VikingVPN has completed a threat analysis and subsequent patch (if needed) of all systems related to the new Ghost vulnerability.

Our full analysis shows that none of our systems were vulnerable to attack on day 0.

Our web server does not utilize glibc. We also do not use PHP anywhere in the site. Our VPN servers have glibc present, and glibc is called by OpenVPN, but it does not use the vulnerable functions (gethostbyname, gethostbyname2). This means that the code related to the vulnerability is never used or executed by our systems.

We have updated the VPN servers to non-vulnerable versions of glibc as a precautionary measure.

Our final judgement is that no systems were vulnerable to the threat, and no risk to company or user data is or was present.

A more expansive article on the Ghost vulnerability will be posted to our Security Blog tonight.

< last
next >