As of August 29, 2022, HP Inc. completed the acquisition of Poly. For HP product support, please visit the HP Customer Support site.
Vulnerability Summary
A vulnerability has been recently disclosed in the glibc gethostbyname() function used by some Linux and Linux-based operating systems. This vulnerability could potentially allow an attacker to inject code into a process that calls the vulnerable function.
Details
CVE-2015-0235, aka “GHOST”
A heap-based buffer overflow was found in the __nss_hostname_digits_dots function of glibc 2.2, and other 2.x versions before 2.18, which is used by the gethostbyname() and gethostbyname2() glibc function calls. A remote attacker could potentially inject code into a process that calls the vulnerable functions to execute arbitrary code.
Published
Last Update: 3/11/2022
Initial Public Release: 1/29/2015
Advisory ID: PLYGN15-01
CVE ID: CVE-2015-0235
CVSS Score: 10.0
CVSS: 2.0/AV:N/AC:L/Au:N/C:C/I:C/A:C
Product Affected
PRODUCT |
STATUS |
Media Manager – All Versions |
Not Vulnerable |
CMAD (CMA Desktop) – All Versions |
Not Vulnerable |
CX5000 – All Versions |
Not Vulnerable |
Video Border Proxy (VBP) – All Versions |
FIXED – version 11.2.22 |
CX Product Line, All Other Video Versions |
Not Vulnerable |
RealPresence Desktop – All Versions |
Not Vulnerable |
Group Series – All Versions |
Not Vulnerable |
Capture Station – All Versions |
Not Vulnerable |
RealPresence Access Director (RPAD) – All Versions |
Not Vulnerable |
CloudAXIS MEA – All Versions |
Not Vulnerable |
CloudAXIS WSP – All Versions |
FIXED – version 1.7.0 |
Platform Director – All Versions |
FIXED – version 2.0 |
HDX – All Versions |
FIXED – version 3.1.7 |
RealPresence Resource Manager (RPRM) |
FIXED – version 8.3.1 |
RSS 4000 – All Versions |
FIXED – version 8.5.3 |
Distributed Media Application (DMA) – All Versions |
FIXED – version 6.2.1 and 6.1.3 |
Capture Server |
FIXED – version 2.0 |
Content Sharing Suite Client/Server – All Versions |
FIXED – version 1.5 |
RealPresence Collaboration Server (RMX) – All Versions |
FIXED – 8.4.2 Hotfix available from support |
RealPresence Mobile – All Versions |
Not Vulnerable |
UC Phones – VVX - All Versions |
FIXED – UCS 5.3 |
UC Phones – SPIP & SSIP – All Versions |
Not Vulnerable |
Solution
Although there may be multiple attack vectors by which this vulnerability can be exploited, it seems to be challenging to exploit. Poly products do not make typical use of the most likely vectors of attack: MTAs, web-reachable diagnostic tools, or client applications such as web browsers.
Exploitation of this glibc vulnerability would require that a program on your Poly device performs a lookup of a host name provided by an attacker via a compromised DNS server.
The lookup would need to be done in a very particular manner and must lack some commonly employed sanity checks. Further, gethostbyname () functions have been obsoleted within
IPv6-supported applications by way of the getaddrinfo () call. We are continuing to investigate whether this completely mitigates the impact of this vulnerability on certain Poly devices.
An effective mitigation strategy will incorporate techniques both from within the product and within the deployment architecture. Steps that may be taken include but are not limited to: Protect your systems from corrupted outside servers via network firewalling or separation. Protect your systems from unauthorized access with named accounts and complex passwords. Use firewalls or VLAN’s to limit scope of name lookups. Use IP addresses rather than names where possible. Use IPv6 where possible.
Workaround
There is no workaround.
Contact
Any customer using an affected system who is concerned about this vulnerability within their deployment should contact Poly Technical Support – (888) 248-4143, (916) 928-7561, or visit the Poly Support Site.
Revision History
| VERSION | DATE | DESCRIPTION |
|---|---|---|
1.0 |
1/29/2015 |
Original publication |
1.1 |
NA |
Unpublished |
1.2 |
2/4/2015 |
New Products Added |
1.3 |
2/24/2015 |
Many Products Added; Some Edits |
1.4 |
2/27/2015 |
RPAD returned to NOT VULNERABLE, better detail on phones |
1.5 |
3/16/2015 |
Updated fix and release information |
1.6 |
4/10/2015 |
Updated fix and release information |
1.7 |
4/20/2015 |
Updated fix and release information |
1.8 |
4/30/2015 |
Updated fix and release information |
1.9 |
5/19/2015 |
Updated fix and release information |
2.0 |
10/23/2015 |
Final – Updated fixed status on all products |
3.0 |
3/11/2022 |
Format Changes |
©2022 Plantronics, Inc. All rights reserved.
Trademarks
Poly, the propeller design, and the Poly logo are trademarks of Plantronics, Inc. All other trademarks are property of their respective owners. No portion hereof may be reproduced or transmitted in any form or by any means, for any purpose other than the recipient's personal use, without the express written permission of Poly.
Disclaimer
While Poly uses reasonable efforts to include accurate and up-to-date information in this document, Poly makes no warranties or representations as to its accuracy. Poly assumes no liability or responsibility for any typographical errors, out of date information, or any errors or omissions in the content of this document. Poly reserves the right to change or update this document at any time. Individuals are solely responsible for verifying that they have and are using the most recent Technical Bulletin.
Limitation of Liability
Poly and/or its respective suppliers make no representations about the suitability of the information contained in this document for any purpose. Information is provided "as is" without warranty of any kind and is subject to change without notice. The entire risk arising out of its use remains with the recipient. In no event shall Poly and/or its respective suppliers be liable for any direct, consequential, incidental, special, punitive, or other damages whatsoever (including without limitation, damages for loss of business profits, business interruption, or loss of business information), even if Poly has been advised of the possibility of such damages.