Egnyte Help Desk

Security Vulnerability

01/28/15

A potentially serious security vulnerability (CVE-2015-0235) affecting most Linux distributions was disclosed on Tuesday, 01/27/2015. This vulnerability has been named "GHOST". This is due to the method by which a system can be exploited.

Nearly every installed Linux-based system is vulnerable. While this is true, the real-world application is still being determined. According to Qualys, who is credited with discovering the vulnerability, it is possible to receive access to a remote shell using this bug. 

 

Cloud File Server

A fix for this vulnerability was made available for the Linux distributions on Tuesday evening. The Egnyte Security team along with the Operations team executed an emergency change management procedure to deploy this fix. Unfortunately, this patch required a reboot of our servers. Some customers may have experienced intermittent access during this time period. All update process was completed by 01/28/15, 6:00AM Pacific.

 

Storage Sync & Storage Connect

VM Deployments: There is no known way to exploit this vulnerability on Storage Sync and Storage Connect on VM deployments. However to be cautious, we will update our VM's with the security patch and issue a software release at the earliest.

Native Deployments (Storage Sync on NETGEAR & Synology): We are anticipating firmware upgrades from NETGEAR and Synology and are working with these hardware vendors to coordinate our product release.

 

If you have any questions, please submit a request

 

Further reading can be found here:
http://ma.ttias.be/critical-glibc-update-cve-2015-0235-gethostbyname-calls/
https://access.redhat.com/security/cve/CVE-2015-0235
https://community.qualys.com/blogs/laws-of-vulnerabilities/2015/01/27/the-ghost-vulnerability
https://www.qualys.com/research/security-advisories/GHOST-CVE-2015-0235.txt

 

- Kris Lahiri

Chief Security Officer, Egnyte Inc.

Egnyte Community

Egnyte Community

Want to connect with other Egnyte users and our Egnyte team? Share ideas and ask questions in our Community.

Help Improve Egnyte

Every day we work hard to make Egnyte better with feedback from users to improve our products. Sign up to participate in Egnyte User Studies.