BMC Software’s Application Security team has investigated the impact that the CVE-2015-0235 (a.k.a. “GHOST”) vulnerability has on the security posture of BMC products and services.
As this flaw stems from the glibc library and manifests itself via the gethostbyname() function, we have not found it to be exploitable in any BMC products. However, the products listed below ship with Linux operating systems and are therefore affected by the CVE-2015-0235 vulnerability. We recommend that our customers take the necessary steps to prevent exploitation of CVE-2015-0235, either by patching their Linux operating systems or by configuring appropriate IPS signatures.
| Products which include a vulnerable OS | Remediation / Patching |
| --- | --- |
| BMC Atrium Discovery and Dependency Mapping - all versions; BMC Atrium Discovery and Dependency Mapping Proxy - all versions | The latest OS update includes an updated version of glibc. |
| BMC Real End User Experience Monitoring; BMC Real End User Experience Monitoring Hardware Collector; BMC TrueSight End User Monitor | A device patch and product-specific knowledge article are expected by February 28, 2015. |