[Secure-testing-team] Bug#541102: Remote users may reset the admin password
Daniel Leidert
daniel.leidert at wgdd.de
Tue Aug 11 18:26:03 UTC 2009
Package: wordpress
Version: 2.7.1-2
Severity: grave
Tags: security patch
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
The original report says that the issue can be used to compromise the
admin account. In a newer version it is said that this is not possible.
But I set severity to grave for the moment. Please decide on your own.
http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070137.html
http://core.trac.wordpress.org/changeset/11798
The vulnerability AFAIK applies to all versions, including version 2.8.3.
CVE number currently unknown.
Regards, Daniel
-- System Information:
Debian Release: squeeze/sid
APT prefers unstable
APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (110, 'experimental')
Architecture: i386 (i686)
Kernel: Linux 2.6.29-2-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Versions of packages wordpress depends on:
ii apache2 2.2.12-1 Apache HTTP Server metapackage
ii apache2-mpm-prefork [htt 2.2.12-1 Apache HTTP Server - traditional n
ii libapache2-mod-php5 5.2.10.dfsg.1-2 server-side, HTML-embedded scripti
ii libjs-jquery 1.3.3-1 JavaScript library for dynamic web
pn libjs-prototype <none> (no description available)
pn libjs-scriptaculous <none> (no description available)
pn libphp-phpmailer <none> (no description available)
pn libphp-snoopy <none> (no description available)
ii php5 5.2.10.dfsg.1-2 server-side, HTML-embedded scripti
pn php5-gd | php4-gd <none> (no description available)
pn php5-mysql | php4-mysql <none> (no description available)
pn tinymce <none> (no description available)
pn virtual-mysql-client <none> (no description available)
wordpress recommends no packages.
Versions of packages wordpress suggests:
pn virtual-mysql-server <none> (no description available)
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iEYEARECAAYFAkqBt7cACgkQm0bx+wiPa4wKHQCeIaaLmxs52dNnGLq7YKLQeOhW
7E0An3w73ZMRvCi+9KJyDpf7+P1pVtSX
=CwaB
-----END PGP SIGNATURE-----
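As an added illustration (not code from this bug report, from the linked changeset, or from WordPress itself): the class of check the linked changeset tightens is a reset key read from the query string and validated only with `empty()`. PHP decodes `key[]=` into a one-element array, which `empty()` does not reject, so the vulnerable check passes a value that was never a string. The hardened variant adds the `is_array()` rejection the changeset introduces; the additional character-class check is a stricter assumption made here, not something the report or the changeset states. Function names and the sample query strings are constructed for the example.

```php
<?php
// Added example, not code from the bug report or from WordPress. It models
// the class of bug behind the linked changeset: a reset key taken from the
// query string is only checked with empty(), but PHP turns "key[]=" into an
// array, which empty() does not reject. Function names are illustrative.

// Decode a query string the same way PHP builds $_GET, so the example runs
// offline without a web server.
function parse_query(string $qs): array {
    parse_str($qs, $params);
    return $params;
}

// Vulnerable check: accepts anything empty() considers non-empty, which
// includes the one-element array array('') produced by "key[]=".
function key_check_vulnerable($key): bool {
    return !empty($key);
}

// Hardened check: rejects arrays outright (the is_array() test is what the
// fix adds), then requires a non-empty string of the expected alphabet
// (the alphabet restriction is an extra assumption made in this example).
function key_check_hardened($key): bool {
    if (empty($key) || is_array($key)) {
        return false;
    }
    return is_string($key) && preg_match('/^[A-Za-z0-9]{1,64}$/', $key) === 1;
}

// Constructed sample requests: the value is whether a correct check should
// accept the key. Only the array case separates the two checks.
$cases = [
    'action=rp&key=abc123XYZ' => true,   // legitimate key: both checks accept
    'action=rp&key='          => false,  // empty string: both checks reject
    'action=rp&key[]='        => false,  // array trick: vulnerable check accepts
    'action=rp'               => false,  // key missing: both checks reject
];

foreach ($cases as $qs => $expected) {
    $key = parse_query($qs)['key'] ?? '';
    printf("%-26s vulnerable=%-5s hardened=%-5s expected=%s\n",
        $qs,
        var_export(key_check_vulnerable($key), true),
        var_export(key_check_hardened($key), true),
        var_export($expected, true));
}
```

Run with `php example.php`; the `key[]=` line is the one where the vulnerable check reports `true` while the hardened check and the expected result both say `false`. The general lesson is that `empty()` tests "falsy", not "absent or malformed", and any parameter that is later used as a scalar (in a database lookup, a comparison, a file name) needs an explicit type check before it is trusted.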