mirror of
https://github.com/LCTT/TranslateProject.git
synced 2024-12-26 21:30:55 +08:00
[translated] 20150131 WordPress Can Be Used to Leverage Critical Ghost Flaw in Linux.md
This commit is contained in:
parent
da510d7511
commit
454c6f1425
@ -1,50 +0,0 @@
|
|||||||
zpl1025
|
|
||||||
WordPress Can Be Used to Leverage Critical Ghost Flaw in Linux
|
|
||||||
-----
|
|
||||||
*Users are advised to apply available patches immediately*
|
|
||||||
|
|
||||||
![WordPress validating pingback’s post URL](http://i1-news.softpedia-static.com/images/news2/WordPress-Can-Be-Used-to-Leverage-Critical-Ghost-Flaw-in-Linux-471730-2.jpg)
|
|
||||||
|
|
||||||
**The vulnerability revealed this week by security researchers at Qualys, who dubbed it [Ghost](1), could be taken advantage of through WordPress or other PHP applications to compromise web servers.**
|
|
||||||
|
|
||||||
The glitch is a buffer overflow that can be triggered by an attacker to gain command execution privileges on a Linux machine. It is present in the glibc’s “__nss_hostname_digits_dots()” function that can be used by the “gethostbyname()” function.
|
|
||||||
|
|
||||||
##PHP applications can be used to exploit the glitch
|
|
||||||
|
|
||||||
Marc-Alexandre Montpas at Sucuri says that the problem is significant because these functions are used in plenty of software and server-level mechanism.
|
|
||||||
|
|
||||||
“An example of where this could be a big issue is within WordPress itself: it uses a function named wp_http_validate_url() to validate every pingback’s post URL,” which is carried out through the “gethostbyname()” function wrapper used by PHP applications, he writes in a blog post on Wednesday.
|
|
||||||
|
|
||||||
An attacker could use this method to introduce a malicious URL designed to trigger the vulnerability on the server side and thus obtain access to the machine.
|
|
||||||
|
|
||||||
In fact, security researchers at Trustwave created [proof-of-concept](2) code that would cause the buffer overflow using the pingback feature in WordPress.
|
|
||||||
|
|
||||||
##Multiple Linux distributions are affected
|
|
||||||
|
|
||||||
Ghost is present in glibc versions up to 2.17, which was made available in May 21, 2013. The latest version of glibc is 2.20, available since September 2014.
|
|
||||||
|
|
||||||
However, at that time it was not promoted as a security fix and was not included in many Linux distributions, those offering long-term support (LTS) in particular.
|
|
||||||
|
|
||||||
Among the impacted operating systems are Debian 7 (wheezy), Red Hat Enterprise Linux 6 and 7, CentOS 6 and 7, Ubuntu 12.04. Luckily, Linux vendors have started to distribute updates with the fix that mitigates the risk. Users are advised to waste no time downloading and applying them.
|
|
||||||
|
|
||||||
In order to demonstrate the flaw, Qualys has created an exploit that allowed them remote code execution through the Exim email server. The security company said that it would not release the exploit until the glitch reached its half-life, meaning that the number of the affected systems has been reduced by 50%.
|
|
||||||
|
|
||||||
Vulnerable application in Linux are clockdiff, ping and arping (under certain conditions), procmail, pppd, and Exim mail server.
|
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
|
||||||
|
|
||||||
via:http://news.softpedia.com/news/WordPress-Can-Be-Used-to-Leverage-Critical-Ghost-Flaw-in-Linux-471730.shtml
|
|
||||||
|
|
||||||
本文发布时间:30 Jan 2015, 17:36 GMT
|
|
||||||
|
|
||||||
作者:[Ionut Ilascu][a]
|
|
||||||
|
|
||||||
译者:[译者ID](https://github.com/译者ID)
|
|
||||||
|
|
||||||
校对:[校对者ID](https://github.com/校对者ID)
|
|
||||||
|
|
||||||
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
|
||||||
|
|
||||||
[a]:http://news.softpedia.com/editors/browse/ionut-ilascu
|
|
||||||
[1]:http://news.softpedia.com/news/Linux-Systems-Affected-by-14-year-old-Vulnerability-in-Core-Component-471428.shtml
|
|
||||||
[2]:http://blog.spiderlabs.com/2015/01/ghost-gethostbyname-heap-overflow-in-glibc-cve-2015-0235.html
|
|
@ -0,0 +1,49 @@
|
|||||||
|
WordPress可以用来触发Linux上的Ghost缺陷
|
||||||
|
-----
|
||||||
|
*建议用户马上更新可用的补丁*
|
||||||
|
|
||||||
|
![WordPress validating pingback’s post URL](http://i1-news.softpedia-static.com/images/news2/WordPress-Can-Be-Used-to-Leverage-Critical-Ghost-Flaw-in-Linux-471730-2.jpg)
|
||||||
|
|
||||||
|
**这个漏洞于本周由Qualys的安全研究员发现,并取了绰号叫[Ghost](1),可以利用WordPress或其他PHP应用来攻击网站服务器。**
|
||||||
|
|
||||||
|
这个瑕疵是一个缓冲区溢出问题,可以被攻击者触发用来获取Linux主机的命令行执行权限。发生在glibc的“__nss_hostname_digits_dots()”函数中,它会被“gethostbyname()”函数用到。
|
||||||
|
|
||||||
|
##PHP应用可以用来利用这个瑕疵
|
||||||
|
|
||||||
|
Sucuri的Marc-Alexandre Montpas说之所以这个问题很重要是因为这些函数在大量软件和服务器系统使用。
|
||||||
|
|
||||||
|
“说这是个严重问题的一个例子是WordPress本身:它使用一个叫wp_http_validate_url()的函数来验证每个pingback的发送URL,它是通过PHP应用的“gethostbyname()”函数替代来执行的”,他在周三的一篇博客文章里写到。
|
||||||
|
|
||||||
|
攻击者可以用这种方式来引入一个设计用来触发服务器端漏洞的恶意URL,从而获得系统访问权限。
|
||||||
|
|
||||||
|
实际上,Trustwave的安全研究人员提供了[验证][2]代码,可以使用WordPress的pingback功能引起缓冲区溢出。
|
||||||
|
|
||||||
|
##多个Linux发行版受到影响
|
||||||
|
|
||||||
|
ghost漏洞存在于glibc 2.17以上版本中,发布于2013年5月21日。glibc当前版本是2.20,发布于2014年9月。
|
||||||
|
|
||||||
|
不过,当时并没有升级为一个安全补丁,许多发行版并没有包含进去,特别是提供长期支持(LTS)的发行版。
|
||||||
|
|
||||||
|
受影响的系统包括Debian 7(wheezy),Red Hat企业版Linux 6和7,CentOS 6和7,Ubuntu 12.04。幸运的是,Linux供应商已经开始发布可以减轻风险的升级补丁。建议用户马上下载并更新。
|
||||||
|
|
||||||
|
为了展示这个漏洞,Qualys建立了一个利用它通过Exim邮件服务器运行远程代码的试验页面。这家安全公司声称在这个漏洞丢掉半条命之前不会关闭这个页面,意思是受影响的系统的数量降到50%的水平。
|
||||||
|
|
||||||
|
Linux上存在漏洞的应用包括clockdiff,ping和arping(在某些特定情况下),procmail,pppd,和Exim邮件服务器。
|
||||||
|
|
||||||
|
--------------------------------------------------------------------------------
|
||||||
|
|
||||||
|
via:http://news.softpedia.com/news/WordPress-Can-Be-Used-to-Leverage-Critical-Ghost-Flaw-in-Linux-471730.shtml
|
||||||
|
|
||||||
|
本文发布时间:30 Jan 2015, 17:36 GMT
|
||||||
|
|
||||||
|
作者:[Ionut Ilascu][a]
|
||||||
|
|
||||||
|
译者:[zpl1025](https://github.com/zpl1025)
|
||||||
|
|
||||||
|
校对:[校对者ID](https://github.com/校对者ID)
|
||||||
|
|
||||||
|
本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译,[Linux中国](http://linux.cn/) 荣誉推出
|
||||||
|
|
||||||
|
[a]:http://news.softpedia.com/editors/browse/ionut-ilascu
|
||||||
|
[1]:http://news.softpedia.com/news/Linux-Systems-Affected-by-14-year-old-Vulnerability-in-Core-Component-471428.shtml
|
||||||
|
[2]:http://blog.spiderlabs.com/2015/01/ghost-gethostbyname-heap-overflow-in-glibc-cve-2015-0235.html
|
Loading…
Reference in New Issue
Block a user