Just wanted to let any of our wordpress users know that ASL and real time rules users are already protected from the WordPress TimThumb Plugin - Remote Code Execution vulnerability reported earlier this week.
Aside from the general rules we have in ASL and the real time rules (included in ASL) that already detect this class of vulnerability (in this case PHP files masquerading as image files) and RFI or remote file inclusion (we already had special rules for timthumb that only allowed image files in the src variable, so PHP files were already prevented), we also have rules to prevent the aftermaths of such a compromise from working, such as preventing unauthorized shells, upload tools, spam bots and so on from running. So, in case an attacker manages to gain access to your system, by whatever means, and installs malicious software, ASL and the real time rules have a second layer of defense to protect you.
And for ASL users, there is a third and forth layer of defense, the real time antimalware protection system which detects the kind of cloaking techniques attackers use to hide code from scanners and upload protection tools, and will prevent them from even loading, and the vulnerability and self-healing system which closes up several of methods used to compromise the system. ASL provides defense in depth against these types of attacks.
As long time ASL users know, ASL has lots of other security layers and controls too that help protect your system from compromise, such as the intelligent event correlation engine, realtime firewall blocking system, upload malware protection system, secure kernel, intrusion prevention systems and much more.
Last but not least, to make it easier to tell if you are been attacked with the timthumb exploit, just look for rule IDs 381202 and 381203 in your logs. If you are being attacked with this exploit, you will see ASL (or if you are a real time rule user) stopping these attacks.
Here at Atomicorp we work hard to make sure you don't have worry about these kinds security problems and vulnerabilities. If there is anything we can do to make that easier for you, or anything else you believe our products should do to protect you please let us know.
Atomicorp - Security For Everyone
Co-Author of Troubleshooting Linux Firewalls.