Home » , » Ghost (glibc) Vulnerability Impacts PHP Applications & WordPress CMS

Ghost (glibc) Vulnerability Impacts PHP Applications & WordPress CMS

jaki watson | 01:42 | 0 comments
PHP Application Development
After the expose of the Ghost vulnerability in the GNU library (glibc), researchers have revealed that PHP applications, comprising the WordPress content management system could be another weak mark in the crosshairs of attackers. Both PHP applications and WordPress CMS probably affected by this vulnerability that could be oppressed to negotiation the hosting servers.

When it comes to talk about the Ghost vulnerability in glibc that can be used by attackers only a handful of applications right now to remotely run executable code and gain control of a Linux server. However, this vulnerability considered as bumper overflow and it affects all Linux systems as per the experts, and has been present in the glibc code since 2000.

In the GNU library, the Ghost vulnerability has huge impact than it is imagined as security experts have also discovered that PHP applications, including the popular WordPress Content Management System (CMS) could also be affected by the flaw.

In all Linux systems dating back to 2000, people can see vulnerability and could be exploited by attackers to execute code and remote gain control of Linux machines. Researchers first discovered the vulnerability at Qualys and it affects the glibc function “GetHOSTbyname().” Luckily, the alleviation is simple, the major Linux distributors, including Debian, Ubuntu and Red Hat have already issued security updates for their software.

Experts have highlighted that the PHP applications including WordPress also referring the gethostbyname() function wrapper, revealing the users of highly well-known CMS to the risk of hack.

“We also have good reasons to believe PHP applications might also be affected, through its gethostbyname() function wrapper. An example of where this could be a big issue is within WordPress itself: it uses a function named wp_http_validate_url() to validate every pingback’s post URL:” states the Sucuri researcher Marc-Alexandre Montpas.”

Moreover, GHOST vulnerability also symbolizes a critical threat for WordPress CMS, which raises gethostbyname() function wrapper while using the function wp_http_validate_url () to validate pingbacks.

“So an attacker could leverage this vector to insert a malicious URL that would trigger a buffer overflow bug, server-side, potentially allowing him to gain privileges on the server.” continues the post.

From glibc-2.17 and lower, the vulnerability affects all versions. In May 2013, it was patched in glibc 2.18, but it was not marked as security vulnerability, so the fix did not make it into different common Linux distributions like Ubuntu and RedHat.

Moreover, Sucuri also invites all administrators of devoted servers and virtual private servers running Linux OS to update the flawed library.

“If you have a dedicated server (or VPS) running Linux, you have to make sure you update it right away.” Montpas said.

To discover that whether they are affected by the Ghost vulnerability or not, administrators can run the below mentioned code:

php -r '$e="0″;for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);' Segmentation fault
If administrators found their system vulnerable, they need to update their servers with software updates provided by Linux distributors.

Professionals have advised to disable the XML-RPC process and Pingback requests to decrease the surface of attack. By adding below mentioned code to their functions.php file, admin can disable the pingback feature:

add_filter( 'xmlrpc_methods' , function( $methods' ) { unset( $methods[ 'pingback.ping ] ); return $methods; } );

Keep visiting our blog for more information on PHP and its related solutions as here we keep updating top stories and latest news on PHP development and more.
Share this article :


Post a Comment

Design by: