Security researchers at Qualys discovered a Privilege Escalation vulnerability in the Linux program sudo. An attacker could exploit the vulnerability to increase the privileges and take over the server.
How does this server vulnerability affect WordPress websites?
The majority of the web runs on Linux, so the vulnerability affects most of the web. This includes WordPress websites hosted on Linux servers. One thing to keep in mind is that this is a server vulnerability, and your risk is based on your hosting environment.
The risk will be higher for those in a shared hosting environment. If exploited, the vulnerability can bypass the security measures that typically separate and secure websites from other websites on a shared server.
A successful attack on just one of the sites on a shared server could lead to all sites on that server being compromised.
While this vulnerability is dangerous, we have three major things working in our favor.
- Software patches to remove the vulnerability are available.
- The vulnerability requires an authenticated user to exploit, making it much more difficult for a hacker to exploit. (Note: The web server runs as an authenticated user which would be used to run the exploit.)
- Liquid Web (iThemes parent company) has not seen any attempts to exploit this vulnerability.
What can you do to protect your WordPress website?
The sudo vulnerability lives on the server level, and WordPress lives on the application level. One thing to consider is that an attacker could gain access to your server by exploiting an existing vulnerability in your WordPress website. Once they have access to your server, they could exploit the sudo vulnerability.
If successfully exploited, the sudo vulnerability could give hackers unrestrained server-level access. This would be a huge score for any cybercriminal!
With the potential score that the sudo vulnerability offers, it could lead to hackers targeting known WordPress vulnerabilities that could give them the opportunity to exploit the sudo vulnerability.
But there are a couple of things you can do to harden your website’s security to prevent this from happening.
1. Update Everything
Keeping software updated is an essential part of any WordPress security strategy. Updates aren’t just for bug fixes and new features. Updates can also include critical security patches.
The iThemes Security Pro Version Management feature makes it easy to customize and automate your WordPress updates.
2. Scan Your Website For Vulnerabilities
A faster way to protect your website from easy hacker exploits is to use automated scans to check your websites for known vulnerabilities.
The iThemes Security Pro Site Scanner is your way to automate vulnerability protection on all of your WordPress websites. The Site Scanner checks your site for known vulnerabilities and will automatically apply a patch if one is available.
3. Monitor File Changes
While the chances of the sudo vulnerability being successfully exploited are slim, you will want to know as soon as possible if it is exploited.
One way to spot a security breach is to monitor file changes on your website.
The File Change Detection feature in iThemes Security Pro will scan your website’s files and alert you when changes occur on your website.
There are several legitimate reasons you would see new file change activity in your logs, but if the changes made were unexpected, you should take the time to ensure the changes were not malicious. For example, if you see a change made to a plugin on the same date and time you updated the plugin, there would be no reason to investigate.
How do you make sure your servers have the fix applied?
Most hosts have likely already patched the vulnerability or are working rapidly to patch the vulnerability across their servers.
It would be best if you give your hosting company a couple of days, and then you can reach out to confirm the patch has been applied to your website’s server.
For those of you managing your own server, make sure you install the latest package updates and confirm that you have the latest version of sudo.
What does this mean for iThemes Hosting Customers?
The vulnerability is patched on all iThemes Hosting servers, and there is no risk to iThemes Hosting customers.
The Linux program sudo has a severe but difficult to exploit vulnerability. While this is a critical issue, most hosting providers either already patched or will soon patch the vulnerability.
For the sake of caution, you should ensure that WordPress plugins and themes are updated and monitor for any malicious file changes.