CMC Responds to “GHOST” Vulnerability (CVE-2015-0235)

A note from CMC Director of Information Security, Arthur Haigh

Wilmington, DE, January 28, 2015 – On Tuesday, January 27th, a critical vulnerability affecting all variants of the Linux operating system was announced (Linux Ghost Remote Code Execution Vulnerability US-CERT). The risk of exploitation on CMC systems is low.

This vulnerability, CVE-2015-0235, is being referred to as the GHOST vulnerability. If exploited attackers could use this flaw to execute code and remotely gain control of Linux machines. Risk to CMC systems is low as CMC has multiple compensating controls and defenses in place to prevent unauthorized access to our systems and prevent exploitation of this vulnerability. Despite this, CMC engineers have already begun applying the patch to affected systems. We will continue this patching effort with the highest priority, while minimizing the client-facing impact to our software and services.

For further information about CMC’s capabilities, please contact your CMC Account Manager directly or via clientservices@cmcagile.com or Joel Rickman via jrickman@cmcagile.com