[Secure-testing-team] Bug#531736: CVE-2008-6767, CVE-2008-6762

Giuseppe Iuculano giuseppe at iuculano.it
Wed Jun 3 17:11:42 UTC 2009


Package: wordpress
Severity: normal
Tags: security

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi,
the following CVE (Common Vulnerabilities & Exposures) ids were
published for wordpress.

CVE-2008-6767[0]:
| wp-admin/upgrade.php in WordPress, probably 2.6.x, allows remote
| attackers to upgrade the application, and possibly cause a denial of
| service (application outage), via a direct request.

CVE-2008-6762[1]:
| Open redirect vulnerability in wp-admin/upgrade.php in WordPress,
| probably 2.6.x, allows remote attackers to redirect users to arbitrary
| web sites and conduct phishing attacks via a URL in the backto
| parameter.

If you fix the vulnerabilities please also make sure to include the
CVE ids in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6767
    http://security-tracker.debian.net/tracker/CVE-2008-6767
[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-6762
    http://security-tracker.debian.net/tracker/CVE-2008-6762

    http://archives.neohapsis.com/archives/bugtraq/2008-12/0226.html

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkomrsoACgkQNxpp46476ao4IQCgiNDcv98nX7sNWYv5GW2ed7b1
43gAnRxmAgvrTwoSyQCFskWFA4cOYqtZ
=lpIS
-----END PGP SIGNATURE-----
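
Both CVE entries above concern requests to wp-admin/upgrade.php, so a defender can triage web server access logs for hits on that script and for `backto` values that point off-site. The following is an added example, not part of the original message and not WordPress or Debian code; the log format, the `SITE_HOSTS` value and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

SITE_HOSTS = {"blog.example.org"}        # assumption: host names the site answers on
UPGRADE_PATH = "/wp-admin/upgrade.php"   # script named in both CVE entries

# Request field of a common/combined-format access log line (assumed format).
REQUEST_RE = re.compile(r'"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')

def classify(line):
    """Return None, 'upgrade-request' or 'offsite-backto' for one log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    target = urlsplit(m.group("target"))
    # endswith() also covers WordPress installed below the web root.
    if not target.path.endswith(UPGRADE_PATH):
        return None
    for value in parse_qs(target.query).get("backto", []):
        try:
            # Browsers treat "\" like "/", so normalise before parsing.
            host = urlsplit(value.strip().replace("\\", "/")).hostname
        except ValueError:
            return "offsite-backto"      # unparseable target: flag for review
        if host and host not in SITE_HOSTS:
            return "offsite-backto"
    # Any other hit on the script; legitimate admin upgrades land here too.
    return "upgrade-request"

def triage(lines):
    """Return (line_number, verdict) for every line that touches upgrade.php."""
    hits = []
    for number, line in enumerate(lines, start=1):
        verdict = classify(line)
        if verdict:
            hits.append((number, verdict))
    return hits

# Constructed sample lines (documentation addresses and host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [03/Jun/2009:17:00:01 +0000] "GET /index.php HTTP/1.1" 200 5120',
    '192.0.2.10 - - [03/Jun/2009:17:00:05 +0000] "GET /wp-admin/upgrade.php HTTP/1.1" 200 1480',
    '198.51.100.7 - - [03/Jun/2009:17:02:11 +0000] "GET /wp-admin/upgrade.php?backto=http%3A%2F%2Fphish.example.net%2F HTTP/1.1" 200 1480',
    '198.51.100.7 - - [03/Jun/2009:17:02:40 +0000] "GET /blog/wp-admin/upgrade.php?backto=//phish.example.net/login HTTP/1.1" 200 1480',
    '203.0.113.4 - - [03/Jun/2009:17:05:00 +0000] "GET /wp-admin/upgrade.php?backto=/wp-admin/ HTTP/1.1" 200 1480',
]

if __name__ == "__main__":
    for number, verdict in triage(SAMPLE_LOG):
        print(number, verdict)
```

An `upgrade-request` verdict is a prompt to check who made the request, not proof of abuse.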




