AHosting Warns WordPress Users Of Remote Code Execution Vulnerability

(Ping! Zine Web Hosting Magazine) – AHosting, a leading provider of WordPress hosting, has released an advisory warning WordPress users to immediately update Linux servers in light of the recent discovery of the GHOST vulnerability.

Because of the publicity surrounding the GHOST vulnerability and WordPress, AHosting has observed that a small number of WordPress users misunderstand the scope of the vulnerability and mistakenly believe that by updating their WordPress installation, they remove the risk.

While WordPress can be used as a vector in the GHOST attack, it is not itself the cause of the vulnerability. The company wants to make it clear that only by upgrading the underlying server operating system can the risk of the GHOST exploit be mitigated.

“As a provider of content management system hosting, we updated all of our WordPress hosting servers as soon as the patches became available, but we’re seeing a number of dedicated and virtual private server hosting clients failing to properly mitigate the risk of GHOST,” commented Daniel Page, Director of Business Development at AHosting, Inc., “We want to increase awareness that updating a WordPress installation, or any other CMS installation, isn’t enough to remove the risk — the underlying operating system should be updated.”

The GHOST vulnerability is caused by a overflow bug in the gethostbyname() function of the GNU C Library (glibc), which is an essential component of all Linux servers. WordPress, along with many other applications, makes use of the gethostbyname() function via a PHP wrapper, which means that it may be possible for a malicious individual to use WordPress to trigger the overflow bug and have arbitrary code executed on the server.

The only way to remove the GHOST vulnerability is to upgrade the server’s version of the glibc library — all major Linux distributions have released patches.

About Ahosting:

AHosting is a managed web hosting provider with facilities in Orlando, FL, and Detroit, MI, owned and operated by AHosting, Inc., supplying hosting services that are truly beyond imagination. Since 2002, AHosting has established one of the web’s premier solutions for reseller web hosting, multiple IP hosting, dedicated servers, and VPS hosting. For more information, visit http://www.ahosting.net.