January 27th, 2015 a severe GHOST vulnerability affecting Linux systems was discovered in the C library of GNU / Linux (glibc) that gives control to attackers without requiring system credentials.
GHOST creates a buffer overflow that affects all the gethostbyname*() functions in the glibc library. These functions change a hostname into an IP addresses. A hacker exploiting this can gain complete access of the Linux machine.
Researchers from website security research firm Sucuri said Wednesday that they have good reasons to believe the flaw can be exploited through Web applications written in PHP that use gethostbyname() function wrappers. This has the potential to significantly expand the attack vectors.
One clear example of such a PHP application is WordPress, which uses a function called wp_http_validate_url() to validate the URLs of pingback posts.
“It does so by using gethostbyname(), so an attacker could leverage this vector to insert a malicious URL that would trigger a buffer overflow bug, server-side, potentially allowing him to gain privileges on the server,” Sucuri senior vulnerability researcher Marc-Alexandre Montpas said in a blog post.
Then Thursday, security researchers from Trustwave SpiderLabs created a proof-of-concept script to trigger the glibc buffer overflow though the WordPress pingback feature.
To date, there hasn't been any reported buffer overflow with the Joomla! CMS.
What has Stallion Online Services done? Stallion Online has ensured that all software on our servers is running the most recent version.
Saturday, January 31, 2015
