Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Operator » The GHOST vulnerability (CVE-2015-0235)
  •  
Vladimir Toncar (Kerio)

Messages: 1696
Karma: 39
Send a private message to this user
Hi,

You may have heard there is a newly discovered vulnerability in the glibc DNS resolving code.

Operator versions up to 2.3.4 contain the vulnerable code. However, the vulnerability could only be exploited from the local area network (in the default configuration) as Operator provides DNS resolving to the auto-provisioned phones.

The default configuration of Operator's built-in firewall is that only local addresses are allowed to use HW phone provisioning. DNS is one of the services this option covers. You should keep this default configuration.

A patch version will be released soon.

Vladimir

[Updated on: Tue, 03 March 2015 12:12]

Previous Topic: Text for Voicemail
Next Topic: Night Mode with custom message.
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Thu Jan 19 05:26:02 CET 2017

Total time taken to generate the page: 0.00357 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.