The “GHOST” vulnerability is a security flaw within a key component of the Linux Operating System. The affected component “gethostbyname” is found in the Linux GNU C Library that is used by all Linux programs. If an attacker can pass a specially crafted hostname to the affected function it may be possible to execute malicious code on the system.

At the time of writing at least one exploitable scenario has been successfully demonstrated within the Exim mail system, further vectors including attacks against WordPress are being actively explored within the security community.

Appcheck NG has been updated to test for all currently known vectors including:

*    WordPress xmlrpc.php pingback

*    Local detection

Further attack vectors will be added as soon as they become known.