Are Symantec Encryption products impacted by the “GHOST" vulnerability (CVE-2015-0235). None of the Symantec Encryption client products are vulnerable, and neither is the Symantec Endpoint Encryption Server.
However, Symantec Encryption Management servers could potentially be affected by the “GHOST” vulnerability in specific circumstances. We will be addressing that possibility in the next release.
While the product currently ships with a vulnerable version of the component, extensive testing has shown that we are not directly susceptible. Any attempt would require execution of a very specific set of steps, as well as relying on social engineering, to be successful.
The Encryption Product Group plans to include the updated version of the glibc packages in the next maintenance pack release of the software (Symantec Encryption Management Server version 3.3.2 MP8).
Imported Document ID: TECH228598
Subscribing will provide email updates when this Article is updated. Login is required.