Critical Ghost bug could haunt WordPress and PHP apps, too

Add PHP applications and the WordPress Web platform to the list of wares that may be susceptible to the critical Linux vulnerability known as Ghost.

As Ars reported Wednesday, the flaw resided in a variety of Linux distributions, including CentOS/RHEL/Fedora 5, 6, and 7, Ubuntu 12.04, and possibly other versions. The buffer overflow made its way into those distributions through the GNU C Library, specifically in its gethostbyname() and gethostbyname2() function calls. The bug made it possible to execute malicious code by sending malformed data to various applications and services running on vulnerable systems. Proof-of-concept attack code was able to exploit the vulnerability in the Exim mail server, and researchers widely suspected clockdiff, procmail, and pppd were also susceptible.

Now, researchers from security firm Sucuri have expanded the list.
