GHOST Vulnerability Affecting Open-Source Web Servers

Researchers at Qualys (a California-based security research firm) recently disclosed a critical buffer overflow issue aptly named: GHOST. This is a remote command execution vulnerability in the GNU C library (glibc) – a popular component of most Linux based web servers.

The good news is that most major Linux distributors () have already applied security patches to their builds. But what does this mean for our clients and DIY webmasters? Well, the most widely-adopted operating system for web servers housing and generating web content is Linux, and considering that the most popular website frameworks used to build web content are open source CMS’s like WordPress, Drupal, Joomla and Magento – it spells out bad news if server administrators have yet to patch this security bug.

Sucuri recommends server administrators to “Update as soon as possible!

This is a very critical vulnerability and should be treated as such. If you have a dedicated server (or VPS) running Linux, you have to make sure you update it right away. We know for a fact that Centos/RHEL/Fedora 5,6,7 as vulnerable, as well as some Ubuntu versions.

As a quick test, if you run the following PHP code on your terminal:

php -r ‘$e=”0″;for($i=0;$i<2500;$i++){$e=”0$e”;} gethostbyname($e);’
Segmentation fault

How are we handling this issue?

Since this vulnerability affects all versions of glibc (from 2.17 and lower), despite it being patched in 2.18 and up – this was not marked as a security vulnerability, so many web hosting providers may have yet to apply the security fix. This is why we’ve taken the recommended precautionary steps and ensured that we have disabled XML-RPC and pingback requests on all of our clients CMS installations until we can be sure that all server administrators have properly applied this critical security update.