[translated] 20150131 WordPress Can Be Used to Leverage Critical Ghost Flaw in Linux.md

Frank Zhang 2015-03-15 15:17:10 +08:00
parent da510d7511
commit 454c6f1425
2 changed files with 49 additions and 50 deletions

@ -1,50 +0,0 @@
zpl1025
WordPress Can Be Used to Leverage Critical Ghost Flaw in Linux
-----
*Users are advised to apply available patches immediately*
![WordPress validating pingbacks post URL](http://i1-news.softpedia-static.com/images/news2/WordPress-Can-Be-Used-to-Leverage-Critical-Ghost-Flaw-in-Linux-471730-2.jpg)
**The vulnerability revealed this week by security researchers at Qualys, who dubbed it [Ghost](1), could be taken advantage of through WordPress or other PHP applications to compromise web servers.**
The glitch is a buffer overflow that can be triggered by an attacker to gain command execution privileges on a Linux machine. It is present in the glibcs “__nss_hostname_digits_dots()” function that can be used by the “gethostbyname()” function.
##PHP applications can be used to exploit the glitch
Marc-Alexandre Montpas at Sucuri says that the problem is significant because these functions are used in plenty of software and server-level mechanism.
“An example of where this could be a big issue is within WordPress itself: it uses a function named wp_http_validate_url() to validate every pingbacks post URL,” which is carried out through the “gethostbyname()” function wrapper used by PHP applications, he writes in a blog post on Wednesday.
An attacker could use this method to introduce a malicious URL designed to trigger the vulnerability on the server side and thus obtain access to the machine.
In fact, security researchers at Trustwave created [proof-of-concept](2) code that would cause the buffer overflow using the pingback feature in WordPress.
##Multiple Linux distributions are affected
Ghost is present in glibc versions up to 2.17, which was made available in May 21, 2013. The latest version of glibc is 2.20, available since September 2014.
However, at that time it was not promoted as a security fix and was not included in many Linux distributions, those offering long-term support (LTS) in particular.
Among the impacted operating systems are Debian 7 (wheezy), Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7, Ubuntu 12.04. Luckily, Linux vendors have started to distribute updates with the fix that mitigates the risk. Users are advised to waste no time downloading and applying them.
In order to demonstrate the flaw, Qualys has created an exploit that allowed them remote code execution through the Exim email server. The security company said that it would not release the exploit until the glitch reached its half-life, meaning that the number of the affected systems has been reduced by 50%.
Vulnerable application in Linux are clockdiff, ping and arping (under certain conditions), procmail, pppd, and Exim mail server.
--------------------------------------------------------------------------------
via:http://news.softpedia.com/news/WordPress-Can-Be-Used-to-Leverage-Critical-Ghost-Flaw-in-Linux-471730.shtml
本文发布时间:30 Jan 2015, 17:36 GMT
作者:[Ionut Ilascu][a]
译者:[译者ID](https://github.com/译者ID)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://news.softpedia.com/editors/browse/ionut-ilascu
[1]:http://news.softpedia.com/news/Linux-Systems-Affected-by-14-year-old-Vulnerability-in-Core-Component-471428.shtml
[2]:http://blog.spiderlabs.com/2015/01/ghost-gethostbyname-heap-overflow-in-glibc-cve-2015-0235.html

@ -0,0 +1,49 @@
WordPress可以用来触发Linux上的Ghost缺陷
-----
*建议用户马上更新可用的补丁*
![WordPress validating pingbacks post URL](http://i1-news.softpedia-static.com/images/news2/WordPress-Can-Be-Used-to-Leverage-Critical-Ghost-Flaw-in-Linux-471730-2.jpg)
**这个漏洞于本周由Qualys的安全研究员发现并取了绰号叫[Ghost](1)可以利用WordPress或其他PHP应用来攻击网站服务器。**
这个瑕疵是一个缓冲区溢出问题可以被攻击者触发用来获取Linux主机的命令行执行权限。发生在glibc的“__nss_hostname_digits_dots()”函数中它会被“gethostbyname()”函数用到。
##PHP应用可以用来利用这个瑕疵
Sucuri的Marc-Alexandre Montpas说之所以这个问题很重要是因为这些函数在大量软件和服务器系统使用。
“说这是个严重问题的一个例子是WordPress本身它使用一个叫wp_http_validate_url()的函数来验证每个pingback的发送URL它是通过PHP应用的“gethostbyname()”函数替代来执行的”,他在周三的一篇博客文章里写到。
攻击者可以用这种方式来引入一个设计用来触发服务器端漏洞的恶意URL从而获得系统访问权限。
实际上Trustwave的安全研究人员提供了[验证][2]代码可以使用WordPress的pingback功能引起缓冲区溢出。
##多个Linux发行版受到影响
ghost漏洞存在于glibc 2.17以上版本中发布于2013年5月21日。glibc当前版本是2.20发布于2014年9月。
不过当时并没有升级为一个安全补丁许多发行版并没有包含进去特别是提供长期支持LTS的发行版。
受影响的系统包括Debian 7wheezyRed Hat企业版Linux 6和7CentOS 6和7Ubuntu 12.04。幸运的是Linux供应商已经开始发布可以减轻风险的升级补丁。建议用户马上下载并更新。
为了展示这个漏洞Qualys建立了一个利用它通过Exim邮件服务器运行远程代码的试验页面。这家安全公司声称在这个漏洞丢掉半条命之前不会关闭这个页面意思是受影响的系统的数量降到50%的水平。
Linux上存在漏洞的应用包括clockdiffping和arping在某些特定情况下procmailpppd和Exim邮件服务器。
--------------------------------------------------------------------------------
via:http://news.softpedia.com/news/WordPress-Can-Be-Used-to-Leverage-Critical-Ghost-Flaw-in-Linux-471730.shtml
本文发布时间:30 Jan 2015, 17:36 GMT
作者:[Ionut Ilascu][a]
译者:[zpl1025](https://github.com/zpl1025)
校对:[校对者ID](https://github.com/校对者ID)
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
[a]:http://news.softpedia.com/editors/browse/ionut-ilascu
[1]:http://news.softpedia.com/news/Linux-Systems-Affected-by-14-year-old-Vulnerability-in-Core-Component-471428.shtml
[2]:http://blog.spiderlabs.com/2015/01/ghost-gethostbyname-heap-overflow-in-glibc-cve-2015-0235.html
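
Review bot: The sentence beginning "ghost漏洞存在于glibc 2.17以上版本中" inverts the affected range. The source text removed in this commit says Ghost is present in glibc versions "up to 2.17", while "2.17以上" reads as 2.17 and later, which would tell readers on older glibc builds that they are not affected. Suggest "glibc 2.17及之前的版本". In the Qualys paragraph, "试验页面" and "不会关闭这个页面" turn "created an exploit" and "would not release the exploit" into a test page that will not be shut down; the sentence should say the exploit will not be published until the number of affected systems has dropped by 50%. The bold lead also still carries "[Ghost](1)" as an inline link whose target is "1"; change it to "[Ghost][1]" so it resolves against the reference list, matching the "[验证][2]" correction made a few lines below.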