Beware the butterfly effect of the Ghost vulnerability: attackers can gain server permissions

ID MYHACK58:62201558733
Type myhack58
Reporter Anonymous
Modified 2015-02-03T00:00:00


Everyone has recently been concerned about the Ghost vulnerability (CNNVD-201501-658). In addition to the vulnerable uses found in applications such as clockdiff, procmail and exim, security researchers found yesterday that it also reaches common web applications such as the well-known WordPress. WordPress's wp_http_validate_url() function wraps gethostbyname() underneath, so it is also subject to the Ghost vulnerability.

The relevant code is as follows:

An attacker can insert a malicious URL to trigger this vulnerability; if exploitation succeeds, the attacker gains server permissions. VPS webmasters are therefore advised to apply the system patch promptly.
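One defensive pattern for code that hands a user-supplied hostname to the resolver, as wp_http_validate_url() does: bound the name to DNS limits first, then resolve with getaddrinfo() rather than the obsolete gethostbyname(). This is an added example, not code from WordPress or from the original article; hostname_is_sane(), safe_resolve() and HOST_REJECTED are hypothetical names, and the check complements the system patch rather than replacing it.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L   /* for getaddrinfo() */
#endif
#include <ctype.h>
#include <netdb.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>

#define MAX_NAME_LEN  253    /* DNS limit for a full name in text form */
#define MAX_LABEL_LEN 63     /* DNS limit for one dot-separated label */
#define HOST_REJECTED 0x7fff /* hypothetical code, distinct from EAI_* values */

/* Return 1 if host contains only letters, digits, '-' and '.', has no
 * empty label, and stays within the DNS length limits; 0 otherwise. */
int hostname_is_sane(const char *host)
{
    size_t i, label = 0;

    if (host == NULL)
        return 0;
    for (i = 0; host[i] != '\0'; i++) {
        unsigned char c = (unsigned char)host[i];
        if (i >= MAX_NAME_LEN)
            return 0;                 /* over-long name: reject early */
        if (c == '.') {
            if (label == 0)
                return 0;             /* leading or doubled dot */
            label = 0;
        } else if (isalnum(c) || c == '-') {
            if (++label > MAX_LABEL_LEN)
                return 0;
        } else {
            return 0;                 /* character not valid in a hostname */
        }
    }
    return i > 0;
}

/* Validate first, then resolve with getaddrinfo(). Returns 0 on success,
 * HOST_REJECTED if validation failed, otherwise a getaddrinfo() error. */
int safe_resolve(const char *host, struct addrinfo **res)
{
    struct addrinfo hints;

    if (!hostname_is_sane(host))
        return HOST_REJECTED;
    memset(&hints, 0, sizeof hints);
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    return getaddrinfo(host, NULL, &hints, res);
}
```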

Even if you are not using WordPress, there is no guarantee that your other web applications are unaffected by this vulnerability. You can use the following command to test:

If it returns a Segmentation fault, the vulnerability is present.