Page 1 of 1

CVE-2015-0235

Posted: Wed Jan 28, 2015 4:53 am
by sejtam
Are any version of RouterOS affected by this vulnerability?

https://cve.mitre.org/cgi-bin/cvename.c ... -2015-0235

The bug apparently goes back almost a decade?

Latest Security Flaw... "Ghost"

Posted: Wed Jan 28, 2015 7:51 am
by avantwireless
For the Mikrotik folks.. How soon will there be a version out to address Ghost
http://ma.ttias.be/critical-glibc-updat ... ame-calls/


Sounds like RouterOS is probably vulnerable to this one...

Re: CVE-2015-0235

Posted: Wed Jan 28, 2015 9:24 am
by normis
I double checked this with our developers, and I can confirm that this vulnerability does not affect any RouterOS version

Re: CVE-2015-0235

Posted: Wed Jan 28, 2015 9:47 am
by NathanA
This vulnerability is in the C library glibc, but RouterOS uses a different library, uClibc, which has not been shown to have this vulnerability (completely different codebase).

-- Nathan

Re: CVE-2015-0235

Posted: Wed Jan 28, 2015 10:12 am
by avantwireless
Great News!!! Now that made my day! And this kind of response addressing this kind of problem with this kind of promptness needs to be applauded. Wow is that ever impressive!


Thanks!