A major security vulnerability known as Ghost has been identified under CVE-2015-0235

Ghost is a buffer overflow vulnerability in the C library used to lookup the IP address / hostnames of network resources like servers and websites.

As the vulnerability exists in a very high proportion of Linux distributions and embedded systems, it’s advisable to check everything you are responsible for. This means checking web servers of course – but also ADSL routers, WiFi access points and switches at home as well as at work.

Ghost and PHP

PHP uses the gethostbyname() function so the potential attack vectors of exploitation are high.  Also, WordPress uses this as part of its core so numerous WordPress sites could be affected.  Please see the note for developers and system administrators below to find out how to test your site.

What to do?

Your first point of call is the vendor and most responsible vendors are on the case already. Our major technology partners such as Sophos and Excitor have already or are imminently issuing updates to their affected products.

Sophos have issued valuable information and advice which can be found here:  Ghost Vulnerability – What to Do.

For Developers And System Administrators:

To test for the vulnerability, system administrators can run the following code from the command line:

php -r '$e="0";for($i=0;$i<2500;$i++){$e="0$e";} gethostbyname($e);' Segmentation fault

If this produces a ‘segmentation fault’ notice in the command prompt, the server is vulnerable to this issue (taken from The Hacker News).