Critical Ghost bug could haunt WordPress and PHP apps, too

[InfoSec News <alerts () infosecnews org>]

http://arstechnica.com/security/2015/01/critical-ghost-bug-could-haunt-wordpress-and-php-apps-too/

By Dan Goodin
Ars Technica
Jan 30, 2015

Add PHP applications and the WordPress Web platform to the list of wares 
that may be susceptible to the critical Linux vulnerability known as 
Ghost.

As Ars reported Wednesday, the flaw resided in a variety of Linux 
distributions, including Centos/RHEL/Fedora 5, 6, and 7 Ubuntu 12.04, and 
possibly other versions. The buffer overflow made its way into those 
distributions through the GNU C Library, specifically in its 
gethostbyname() and gethostbyname2() function calls. The bug made it 
possible to execute malicious code by sending malformed data to various 
applications and services running on vulnerable systems. Proof-of-concept 
attack code was able to exploit the vulnerability in the Exim mail server, 
and researchers widely suspected clockdiff, procmail, and pppd were also 
susceptible. Now, researchers from security firm Sucuri have expanded the 
list.

"We also have good reasons to believe PHP applications might also be 
affected, through its gethostbyname() function wrapper," Sucuri Senior 
Vulnerability Researcher Marc-Alexandre Montpas wrote in a blog post 
published Thursday. "An example of where this could be a big issue is 
within WordPress itself: it uses a function named wp_http_validate_url() 
to validate every pingback's post URL… and it does so by using 
gethostbyname(). So an attacker could leverage this vector to insert a 
malicious URL that would trigger a buffer overflow bug, server-side, 
potentially allowing him to gain privileges on the server."

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/