Community discussions

MikroTik App
 
sejtam
Frequent Visitor
Frequent Visitor
Topic Author
Posts: 67
Joined: Sun Dec 14, 2014 4:23 pm

CVE-2015-0235

Wed Jan 28, 2015 4:53 am

Are any version of RouterOS affected by this vulnerability?

https://cve.mitre.org/cgi-bin/cvename.c ... -2015-0235

The bug apparently goes back almost a decade?
 
avantwireless
Member Candidate
Member Candidate
Posts: 137
Joined: Mon Nov 07, 2005 3:04 am

Latest Security Flaw... "Ghost"

Wed Jan 28, 2015 7:51 am

For the Mikrotik folks.. How soon will there be a version out to address Ghost
http://ma.ttias.be/critical-glibc-updat ... ame-calls/


Sounds like RouterOS is probably vulnerable to this one...
 
User avatar
normis
MikroTik Support
MikroTik Support
Posts: 26322
Joined: Fri May 28, 2004 11:04 am
Location: Riga, Latvia

Re: CVE-2015-0235

Wed Jan 28, 2015 9:24 am

I double checked this with our developers, and I can confirm that this vulnerability does not affect any RouterOS version
 
User avatar
NathanA
Forum Veteran
Forum Veteran
Posts: 829
Joined: Tue Aug 03, 2004 9:01 am

Re: CVE-2015-0235

Wed Jan 28, 2015 9:47 am

This vulnerability is in the C library glibc, but RouterOS uses a different library, uClibc, which has not been shown to have this vulnerability (completely different codebase).

-- Nathan
 
avantwireless
Member Candidate
Member Candidate
Posts: 137
Joined: Mon Nov 07, 2005 3:04 am

Re: CVE-2015-0235

Wed Jan 28, 2015 10:12 am

Great News!!! Now that made my day! And this kind of response addressing this kind of problem with this kind of promptness needs to be applauded. Wow is that ever impressive!


Thanks!

Who is online

Users browsing this forum: Ahrefs [Bot], Amazon [Bot], mkx, mtkvvv, xstrid3rx and 82 guests