Back to Home

GHOST (dot) WEB: First Blood / Positive Technologies Blog

GHOST · vulnerability

GHOST (dot) WEB: First Blood

    Despite the skeptical forecasts of the Metasploit community about the prospects for the mass exploitation of CVE-2015-0235 , the first victims appeared. Positive Technologies researchers report having a “combat” exploit for this vulnerability in the popular phpBB forum. Wordpress and a number of other popular applications are also vulnerable. Using the vulnerability in the gethostbyname function allows an attacker to gain complete control over the operating system of the vulnerable server. The phpBB system is one of the popular means of adding forum features to websites. A quick Google search shows that this system is installed on more than 800,000 sites.

    image





    Naturally, not all of them are vulnerable to an attack related to the GHOST vulnerability, since this requires a combination of several factors. However, the rich host identification mechanisms make it possible to create a specialized exploit through http and achieve almost 100% attack success.

    Some advertising


    Users of Positive Technologies Application Firewall , as in the case of ShellShock or WordPress , can not rush to update their OS applications, but do it as planned. PT AF self-learning mechanisms reliably identify and block attacks. Of course, if the lock is on. You will not pass GHOST! I am PT AF. Return to TCP RST. YOU WILL NOT PASS! Naturally, this information was passed on to the developers of phpBB and a number of other popular applications. But the problem is not phpBB. Urgent need to update their systems .

    image

    image



    Read Next