[Secure-testing-team] [Secure-testing-commits] r12571 - in data: . CVE
Michael S. Gilbert
michael.s.gilbert at gmail.com
Wed Aug 12 05:05:48 UTC 2009
On Wed, 12 Aug 2009 06:27:35 +0200 Giuseppe Iuculano wrote:
> Michael S. Gilbert wrote:
>
> > are you sure about this? i had checked lenny, and saw the vulnerable
> > bit of code in wp-login.php.
>
> I tried the PoC and it works only in 2.8.x.
> I didn't investigate the code because it really seems just an annoying bug, not
> a security issue.

the proof-of-concept may be version-specific. it may just require
minor modifications to be compatible with old versions. i think
conclusions need to be drawn based on known vulnerable source, rather
than checking against proof-of-concepts.

besides, it is just a one line change to address the flaw.

mike