A vulnerability has been discovered by WiredTree, a web hosting company, and now web host customers are being urged to patch the issue. WiredTree is known for hosting dedicated solutions (as well as VPS and basic shared plans), and discovered in February that users on Linux operating system needed an update immediately. A remote code execution vulnerability, reported on February 16 by Ars Technica, was compromised. It’s a vital part of the OS.
Linux developers have offered patches to lower the risk, but they’re pointless if users don’t take action to implement them. These patches include CentOS and Red Hat, the key distributions for hosting platforms, and it’s possible that more patches may pop up in coming weeks. So far, the vulnerability has been found in a number of places within the GNU C Library, which makes up nearly all of Linux distributions in one capacity or another.
Stop Being Vulnerable
Software ranging systems utilize the GNU C Library for many tasks, including web servers. It’s reported that the impact function is currently being used by “thousands of applications.” The President of WiredTree, Zac Cogswell, went on record to discuss the problem. “At WiredTree, we’ve had a busy week patching the servers of our managed hosting platform, a service we offer to all of our managed hosting clients,” he explained.
“However, although our clients are safe, we want to publicize this vulnerability as widely as possibly (sic). A vulnerability of this magnitude has the potential to be damaging to the entire online ecosystem. Patches are available for most distributions and server administrators should install them as soon as possible.” Cogswell did not go into detail about how this vulnerability came into fruition.
Are You in Danger?
This particular vulnerability is getting so much press because of the sheer spread. It occurs in one of the most popular components of GNU C Library via the DNS resolution system. It’s utilized in an incredible amount of Linux applications, as well as on millions of servers on a global scale. There’s so far been no proof that the vulnerability has caught the eye of hackers and cybercriminals, but given the recent announcement and scramble to get patches in place, it’s likely only a matter of time. Savvy hackers can cause serious destruction with this kind of vulnerability.
As for WiredTree, managed hosting leaders that are known for putting the client in the command chair, it’s also unclear how this will impact their client relationships. They offer hybrid and cloud hosting, too, proud to be on the cutting edge of the hosting game. For years, they’ve boasted of their great customer care, their average ticket response time being less than 15 minutes, and have over 5,000 users taking advantage of the complimentary hardware “level-ups.”
WiredTree also offers a great performing tech menu, such as the LiteSpeed web server, SSD hardware, MariaDB, Grove (an in-house system), and memcached. Still, some clients are expected to switch hosts, perhaps seeking out a local (to them) option without a history of vulnerabilities.
Latest posts by Drew Hendricks (see all)
- Patches? We Don’t Need No Stinking Patches. Or do we? - March 9, 2016
- Hosting and Your Online Business - February 16, 2016