CVE-2015-0235

sejtam · January 28, 2015, 2:53am

Are any version of RouterOS affected by this vulnerability?

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-0235

The bug apparently goes back almost a decade?

avantwireless · January 28, 2015, 5:51am

For the Mikrotik folks.. How soon will there be a version out to address Ghost
http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/

Sounds like RouterOS is probably vulnerable to this one…

normis · January 28, 2015, 7:24am

I double checked this with our developers, and I can confirm that this vulnerability does not affect any RouterOS version

NathanA · January 28, 2015, 7:47am

This vulnerability is in the C library glibc, but RouterOS uses a different library, uClibc, which has not been shown to have this vulnerability (completely different codebase).

– Nathan

avantwireless · January 28, 2015, 8:12am

Great News!!! Now that made my day! And this kind of response addressing this kind of problem with this kind of promptness needs to be applauded. Wow is that ever impressive!

Thanks!