A vulnerability has been discovered in the glibc library's gethostbyname() family of functions. An unauthenticated remote user who can get an affected network service to resolve an attacker-supplied hostname can exploit it to execute arbitrary code on the device.
Non-Lighthouse products are not affected as they do not use glibc.
Lighthouse's SSH service in its default configuration is not vulnerable, because sshd is configured not to resolve client hostnames. To confirm that your Lighthouse's SSH service is not vulnerable, ensure that an active (uncommented) "UseDNS no" line is present in /etc/config/sshd_config.
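The following script is an added example for performing that check; it is not Opengear's code and the sample configs it runs against are constructed here, not taken from a device. A plain grep for the literal string is not enough: sshd ignores commented lines, matches keywords case-insensitively, and honours the first uncommented occurrence of a keyword, so the check below does the same.

```sh
#!/bin/sh
# Added example (not Opengear code): verify that an sshd_config contains an
# active "UseDNS no" directive, the check the advisory asks for.
# sshd honours the FIRST uncommented occurrence of a keyword, and keywords
# are case-insensitive, so ignore comment lines and stop at the first real
# UseDNS line rather than grep for the literal string.

# usedns_setting FILE: print the effective UseDNS value ("yes"/"no"),
# or "unset" when the file has no active UseDNS line. An unset value is
# not safe to assume: OpenSSH releases before 6.8 default UseDNS to yes.
usedns_setting() {
    awk '
        /^[ \t]*#/ { next }                              # comment line
        tolower($1) == "usedns" { print tolower($2); found = 1; exit }
        END { if (!found) print "unset" }
    ' "$1"
}

# sshd_dns_disabled FILE: succeed (exit 0) only when UseDNS is explicitly no.
sshd_dns_disabled() {
    [ "$(usedns_setting "$1")" = "no" ]
}

# Demonstration on constructed sample configs (not files from a real device).
demo() {
    tmp=$(mktemp) || return 1
    # "UseDNS no" present; the commented and later lines must not change the result
    printf 'Port 22\n# UseDNS yes\nUseDNS no\nUseDNS yes\n' > "$tmp"
    printf 'sample 1: %s\n' "$(usedns_setting "$tmp")"
    # only a commented-out "UseDNS no": the active line says yes
    printf 'Port 22\n#UseDNS no\nusedns Yes\n' > "$tmp"
    printf 'sample 2: %s\n' "$(usedns_setting "$tmp")"
    # no UseDNS line at all
    printf 'Port 22\n' > "$tmp"
    printf 'sample 3: %s\n' "$(usedns_setting "$tmp")"
    rm -f "$tmp"
}
demo

# On a Lighthouse, check the live file the advisory names.
if [ -r /etc/config/sshd_config ]; then
    if sshd_dns_disabled /etc/config/sshd_config; then
        echo "/etc/config/sshd_config: UseDNS no is set"
    else
        echo "/etc/config/sshd_config: UseDNS is $(usedns_setting /etc/config/sshd_config)" >&2
    fi
fi
```

Run it on the Lighthouse itself so the final block inspects the real /etc/config/sshd_config; a result of "unset" means the directive is absent and should be added explicitly rather than relying on the sshd default.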
Lighthouse's OpenVPN and IPsec services are not vulnerable.
Lighthouse HTTP/HTTPS Web Management, NTP Server and Telnet services are vulnerable. Of these, only HTTPS is enabled by default.
To mitigate this, we recommend disabling access to the vulnerable Lighthouse services from any network that untrusted parties may be able to reach.
In the Opengear web UI, click System -> Services -> Service Access. Along the row for each vulnerable service, uncheck the boxes of any interfaces that are not connected to a fully trusted network.
Before applying the change, ensure you still have another method of remote access enabled and tested (e.g. SSH, VMware console or KVM) so you are not locked out, then click Apply.
Alternatively, to allow access only to explicitly trusted source networks, follow the steps in this Knowledge Base article: https://opengear.zendesk.com/entries/56164405-How-do-I-restrict-service-access-to-connections-from-a-trusted-source-network-only-
Opengear are preparing a software update that patches the Lighthouse vulnerability, for release in the coming days.