Verizon WAF Protects WordPress Applications from the GHOST Bug

A critical buffer overflow vulnerability dubbed GHOST has been identified in glibc, a core Linux library. The vulnerability, tracked as CVE-2015-0235 in the Common Vulnerabilities and Exposures database, affects the glibc gethostbyname*() family of functions, which are typically used to resolve hostnames. It can be exploited remotely to compromise servers. Although the vulnerability has been mitigated in glibc-2.18, published on May 21, 2013, many systems may not have been properly patched and therefore may still be vulnerable.

Security researchers have also discovered that PHP applications such as the WordPress Content Management System can be used to exploit this vulnerability. WordPress’s XML-RPC pingback feature uses the gethostbyname() function to validate URLs. By inserting malicious URLs into the pingback, attackers can trigger buffer overflows and gain privileged access to the host servers.

Verizon Digital Media Services Web Application Firewall (WAF) provides rules to block such attacks on the WordPress XML-RPC pingback feature. Our WAF also offers protection against many other publicly known vulnerabilities in WordPress and other applications.
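As an added example (not Verizon's WAF rule or WordPress code), the Python check below mirrors the kind of rule described above: it parses an XML-RPC request body and, if it is a pingback.ping call, rejects it when either URL parameter carries a hostname that is unparseable or exceeds the RFC 1035 length limits. The function names and the sample requests are constructed for illustration.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlsplit

# RFC 1035 limits; a legitimate pingback URL never needs to exceed them.
MAX_HOSTNAME_OCTETS = 253
MAX_LABEL_OCTETS = 63

def pingback_urls(xml_body: bytes) -> list:
    """URL parameters of a pingback.ping call; [] for other or unparseable bodies."""
    try:
        root = ET.fromstring(xml_body)  # production: parse untrusted XML with defusedxml
    except ET.ParseError:
        return []
    if root.tag != "methodCall" or root.findtext("methodName") != "pingback.ping":
        return []
    urls = []
    for value in root.findall("./params/param/value"):
        # XML-RPC allows <value><string>..</string></value> or a bare <value>..</value>
        text = value.findtext("string")
        urls.append((text if text is not None else value.text or "").strip())
    return urls

def hostname_is_suspicious(url: str) -> bool:
    """True if the URL has no parseable host or the host breaks RFC 1035 limits."""
    try:
        host = urlsplit(url).hostname
    except ValueError:
        return True
    if not host or len(host) > MAX_HOSTNAME_OCTETS:
        return True
    return any(len(label) > MAX_LABEL_OCTETS for label in host.split("."))

def should_block(xml_body: bytes) -> bool:
    """WAF-style decision: block a pingback.ping call that carries a malformed host."""
    return any(hostname_is_suspicious(u) for u in pingback_urls(xml_body))

# Constructed sample requests (not captured traffic).
BENIGN_REQUEST = b"""<?xml version="1.0"?><methodCall><methodName>pingback.ping</methodName>
<params><param><value><string>http://blog.example.com/post/1</string></value></param>
<param><value><string>http://www.example.org/article</string></value></param>
</params></methodCall>"""

OVERSIZED_REQUEST = (
    b'<?xml version="1.0"?><methodCall><methodName>pingback.ping</methodName>'
    b"<params><param><value>http://" + b"a" * 1200 + b"/</value></param>"
    b"<param><value>http://www.example.org/article</value></param></params></methodCall>"
)
```

Requests that are not pingback.ping calls pass through untouched, so the rule only costs a parse on the one XML-RPC method the text identifies as exposed.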

We have also conducted an extensive vulnerability assessment of our internal systems and confirmed no exposure to this issue. As a precaution, we are deploying the most recent glibc library version on all our systems.
