AHosting, managed hosting and WordPress web hosting provider with the company / center operated facilities data in Orlando, FL, Detroit, MI, has issued an advisory warning for WordPress users to immediately update Linux servers in the light of the recent discovery of the vulnerability GHOST.
AHosting observed a small number of WordPress hosting users misunderstand the scope of the vulnerability, they mistakenly believe that by updating their WordPress installation, they remove the risk.
While WordPress can be used as a vector in the attack GHOST, it is not itself the cause of vulnerability. AHosting means clearly that only by upgrading the operating system of the server underlying risk can be mitigated GHOST feat.
"As a hosting provider of content management system, we have updated our entire WordPress hosting servers as soon as patches become available, but we see a number of dedicated server and virtual private server hosting customers failing to properly mitigate the risk of GHOST, "said Daniel page, Director of Business development at AHosting. "We want to increase awareness that the update installation of WordPress or any other CMS installation, is not enough to eliminate the risk. - The underlying operating system should be made day "
GHOST vulnerability is caused by an overflow bug in the gethostbyname () function of the GNU C library (glibc), which is an essential component of all Linux servers.
WordPress, and many other applications that use the gethostbyname () function via a PHP shell, which means it may be possible for a malicious individual to use WordPress to trigger the bug overflow and having an arbitrary code executed on the server.
the only way to remove the GHOST vulnerability is to upgrade the server version of glibc -. all major Linux distributions have released patches
0 Komentar