search cancel

Symantec Encryption Management Server Impacted by “GHOST" (CVE-2015-0235)

book

Article ID: 161768

calendar_today

Updated On:

Products

Encryption Management Server

Issue/Introduction

Are Symantec Encryption products impacted by the “GHOST" vulnerability (CVE-2015-0235). None of the Symantec Encryption client products are vulnerable, and neither is the Symantec Endpoint Encryption Server.

However, Symantec Encryption Management servers could potentially be affected by the “GHOST” vulnerability in specific circumstances. We will be addressing that possibility in the next release.

While the product currently ships with a vulnerable version of the component, extensive testing has shown that we are not directly susceptible. Any attempt would require execution of a very specific set of steps, as well as relying on social engineering, to be successful.

Resolution

The Encryption Product Group plans to include the updated version of the glibc packages in the next maintenance pack release of the software (Symantec Encryption Management Server version 3.3.2 MP8).