phazey Posted January 28, 2015 Share Posted January 28, 2015 Time to start patching guys... http://www.openwall.com/lists/oss-security/2015/01/27/9 http://www.theregister.co.uk/2015/01/27/glibc_ghost_vulnerability/ Link to comment Share on other sites More sharing options...
jcisco Posted January 29, 2015 Share Posted January 29, 2015 I wouldn't be jumping around too much on this one. Link to comment Share on other sites More sharing options...
phazey Posted January 29, 2015 Author Share Posted January 29, 2015 We would. Link to comment Share on other sites More sharing options...
phazey Posted January 29, 2015 Author Share Posted January 29, 2015 FWIW about 1.2 million servers rebooted last night Link to comment Share on other sites More sharing options...
jcisco Posted January 29, 2015 Share Posted January 29, 2015 Do you have a list of resources that you have come across that you've confirmed as impacted. Any hardware, package, libraries etc would be handy to know what your confirming firsthand in your environment. I couldn't care less if they are affected simply by use or presence of gnu and if the resource is not something I'm likely to see such as internal software. Just specific items requiring mitigating. Link to comment Share on other sites More sharing options...
phazey Posted January 29, 2015 Author Share Posted January 29, 2015 http://www.openwall.com/lists/oss-security/2015/01/27/18 My peers at Kaspersky and FSecure express the same concerns. ANYTHING that runs Linux, especially on the border needs to be patched. Out global threat management console started pinging about 30 hours ago - I'm on call, it's been a shit week..... Link to comment Share on other sites More sharing options...
jcisco Posted February 2, 2015 Share Posted February 2, 2015 http://www.openwall.com/lists/oss-security/2015/01/27/18 My peers at Kaspersky and FSecure express the same concerns. ANYTHING that runs Linux, especially on the border needs to be patched. Out global threat management console started pinging about 30 hours ago - I'm on call, it's been a shit week..... . Fortunately not exposed any of the prime suspects and definitely not on the edge, bar one vm appliance. I'm interested to see if someone manages to find some effective targets for remote attack pre 0day. At this point not hearing anyone saying anything special happening then again I'm not in any part of the industry or scene. Just a lowly human packet black hole Link to comment Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now