GHOST glibc Vulnerability Affects WordPress and PHP applications


#1 NickAu



Posted 30 January 2015 - 11:58 PM


After the disclosure of the extremely critical GHOST vulnerability in the GNU C library (glibc), a widely used component of most Linux distributions, security researchers have discovered that PHP applications, including the WordPress Content Management System (CMS), could also be affected by the bug.
"GHOST" is a serious vulnerability (CVE-2015-0235), announced this week by the researchers of California-based security firm Qualys, that involves a heap-based buffer overflow in the glibc function name - "GetHOSTbyname()." Researchers said the vulnerability has been present in the glibc code since 2000.
Though the major Linux distributors, such as Red Hat, Debian and Ubuntu, have already updated their software against the flaw, GHOST could be used by hackers against only a handful of applications currently to remotely run executable code and silently gain control of a Linux server.

As we explained in our previous article, the heap-based buffer overflow was found in the __nss_hostname_digits_dots() function, which is used in particular by the gethostbyname() and gethostbyname2() glibc function calls.
Since PHP applications, including WordPress, also use the gethostbyname() function wrapper, the chance of the critical vulnerability becomes higher even after many Linux distributions issued fixes.
According to the Sucuri researcher Marc-Alexandre Montpas, the GHOST vulnerability could be a big issue for the WordPress CMS, as it uses the wp_http_validate_url() function to validate every pingback post URL.


