Share

tweet



Using WordPress and other PHP-applications an attacker can compromise a system.

Researchers warn that the popular content management system WordPress can be subjected to the GHOST critical vulnerability, found in the GNU C library (glibc). In addition to WordPress, a gap can affect the majority of PHP-applications and distributions of Linux-based systems.

GHOST is a dangerous vulnerability (CVE-2015-0235), which discovered experts a California company Qualys. The vulnerability allows to compromise the system via a buffer overflow in the function gethostbyname(). According to the researchers, the bug already existed in the source code glibc since 2000.

According to the Sucuri expert Marc-Alexandre Montpas, the GHOST vulnerability can affect WordPress. This is due to the fact that WordPress uses wp_http_validate_url() function to validate every pingback post URL, which refers to the vulnerable function gethostbyname(). This was reported by the expert in security bulletin, published on Wednesday, January 28.

Below you can see as WordPress uses a function named wp_http_validate_url():

In order to check whether the vulnerable web-server based on Linux, the administrator must perform the following PHP-code in a terminal:

php -r '$ e = "0"; for ($ i = 0; $ i <2500; $ i ++) {$ e = "0 $ e";} gethostbyname ($ e);' Segmentation fault

If the code returns a segmentation fault, then your Linux server is vulnerable to the GHOST vulnerability.

In order to eliminate the vulnerability, you should install the latest update for your Linux distribution and reboot your system. This applies only to users of Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7, and Ubuntu 12.04. In other cases, it is recommended to disable XML-RPC and pingback requests. There are even WordPress plugins that will totally disable XML-RPC process.