Debian Bug report logs -
#437085
CVE-2007-1599: wp-login.php allows remote attackers to redirect authenticated users to other websites
Reported by: Steffen Joeris <steffen.joeris@skolelinux.de>
Date: Fri, 10 Aug 2007 11:27:01 UTC
Severity: minor
Fixed in versions wordpress/2.0.10-1etch4, 2.2.2-1
Done: Giuseppe Iuculano <giuseppe@iuculano.it>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>
:
Bug#437085
; Package wordpress
.
(full text, mbox, link).
Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>
:
New Bug report received and forwarded. Copy sent to Kai Hendry <hendry@iki.fi>
.
(full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: wordpress
Severity: important
Hi
There are three CVE numbers[0][1][2] issued for wordpress.
Unfortunately, they do not tell me a lot. Can you maybe have a look at
them and checkout, if they affect the current debian versions?
The three texts say:
CVE-2007-1599:
wp-login.php in WordPress allows remote attackers to redirect
authenticated users to other websites and potentially obtain sensitive
information via the redirect_to parameter.
CVE-2007-2627:
Cross-site scripting (XSS) vulnerability in sidebar.php in WordPress,
when custom 404 pages that call get_sidebar are used, allows remote
attackers to inject arbitrary web script or HTML via the query string
(PHP_SELF), a different vulnerability than CVE-2007-1622.
CVE-2007-3238:
Cross-site scripting (XSS) vulnerability in functions.php in the default
theme in WordPress 2.2 allows remote authenticated administrators to
inject arbitrary web script or HTML via the PATH_INFO (REQUEST_URI) to
wp-admin/themes.php, a different vulnerability than CVE-2007-1622. NOTE:
this might not cross privilege boundaries in some configurations, since
the Administrator role has the unfiltered_html capability.
Please also note the CVE numbers in the changelog, if you should decide
to include fixes.
Cheers
Steffen
[0]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1599
[1]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2627
[2]: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3238
Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>
:
Bug#437085
; Package wordpress
.
(full text, mbox, link).
Acknowledgement sent to hendry@iki.fi
:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>
.
(full text, mbox, link).
Message #10 received at 437085@bugs.debian.org (full text, mbox, reply):
I am urging the security team to sponsor 2.0.11 into the stable archive.
As for testing/unstable and 2.2.2 has 2627 and 3238 fixed. 1599 is not
a priority.
---------- Forwarded message ----------
From: Mark Jaquith <mark.jaquith@txfx.net>
Date: Aug 3, 2007 10:05 PM
Subject: Re: http://wordpress.org/development/2007/06/wordpress-221/
To: hendry@iki.fi, Ryan Boren <ryan@boren.nu>
CVE-2007-0540 - This won't be fixed for this version. It's a tricky
problem without an obvious solution. It's low on the security ladder,
thankfully.
CVE-2007-1230 - This is rather vague, but the one I can glean from it
was already fixed in 2.0.10 - http://trac.wordpress.org/changeset/5058
CVE-2007-1244 - This is XSS, not CSRF. It is fixed... likely in [5058]
CVE-2007-1599 - This won't be fixed for this version. We are
discussing the issue. It's not really an exploit so much as a very
slight Phishing aid, so it's not a huge priority.
CVE-2007-1732 - There is no such parameter -- the bug is inadequately described.
CVE-2007-2627 - This was fixed almost two years ago:
http://trac.wordpress.org/changeset/2884/trunk/wp-content/themes/default/searchform.php
CVE-2007-2821 - This will be fixed in 2.0.11 (
http://trac.wordpress.org/changeset/5442 )
CVE-2007-3140 - Does not apply to 2.0.x branch
CVE-2007-3238 - This will be fixed in 2.0.11 (
http://trac.wordpress.org/changeset/5680/branches/2.0/wp-content/themes/default/functions.php
)
On 8/3/07, Kai Hendry <kai.hendry@gmail.com> wrote:
> http://security-tracker.debian.net/tracker/source-package/wordpress
>
> I'm having trouble tracking down these CVEs in Trac. :)
>
> I hope you can give me some pointers. Debian security and putting the
> screws in again!
>
>
--
Mark Jaquith
http://markjaquith.com/ | http://txfx.net/
Covered Web Services
http://coveredwebservices.com/
WordPress Ninja @ b5media Inc
http://b5media.com/
Reply sent to Kai Hendry <hendry@iki.fi>
:
You have taken responsibility.
(full text, mbox, link).
Notification sent to Steffen Joeris <steffen.joeris@skolelinux.de>
:
Bug acknowledged by developer.
(full text, mbox, link).
Message #15 received at 437085-done@bugs.debian.org (full text, mbox, reply):
Thanks for your concern Steffen.
I'll make more of an effort to mark the CVEs in the changelogs.
Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>
:
Bug#437085
; Package wordpress
.
(full text, mbox, link).
Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>
:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>
.
(full text, mbox, link).
Message #20 received at 437085@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Hi
Thanks for checking the wordpress package. Can you please tell me in which
debian version the CVEs are fixed? This way I can mark them with the version
number in our security tracker.
Cheers
Steffen
[signature.asc (application/pgp-signature, inline)]
Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>
:
Bug#437085
; Package wordpress
.
(full text, mbox, link).
Acknowledgement sent to Steffen Joeris <steffen.joeris@skolelinux.de>
:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>
.
(full text, mbox, link).
Message #25 received at 437085@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
reopen 437085
severity 437085 normal
thanks
Hi
Thanks for all the detailed information. I reopen the bugreport and set it to
severity "normal" until CVE-2007-1599 is fixed. Hope this is ok with you :)
Cheers
Steffen
[signature.asc (application/pgp-signature, inline)]
Bug reopened, originator not changed.
Request was from Steffen Joeris <steffen.joeris@skolelinux.de>
to control@bugs.debian.org
.
(Mon, 13 Aug 2007 11:00:02 GMT) (full text, mbox, link).
Severity set to `normal' from `important'
Request was from Steffen Joeris <steffen.joeris@skolelinux.de>
to control@bugs.debian.org
.
(Mon, 13 Aug 2007 11:00:03 GMT) (full text, mbox, link).
Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>
:
Bug#437085
; Package wordpress
.
(full text, mbox, link).
Acknowledgement sent to hendry@iki.fi
:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>
.
(full text, mbox, link).
Message #34 received at 437085@bugs.debian.org (full text, mbox, reply):
Ok, though just to recall upstream's comments on this one:
CVE-2007-1599 - This won't be fixed for this version. We are
discussing the issue. It's not really an exploit so much as a very
slight Phishing aid, so it's not a huge priority.
So I might adjust the severity to minor.
Cheers,
Severity set to `minor' from `normal'
Request was from Kai Hendry <hendry@iki.fi>
to control@bugs.debian.org
.
(Mon, 13 Aug 2007 11:24:01 GMT) (full text, mbox, link).
Changed Bug title to `CVE-2007-1599: wp-login.php allows remote attackers to redirect authenticated users to other websites' from `several CVEs against wordpress'.
Request was from Raphael Geissert <atomo64@gmail.com>
to control@bugs.debian.org
.
(Sun, 02 Nov 2008 01:57:02 GMT) (full text, mbox, link).
Bug Marked as fixed in versions wordpress/2.0.10-1etch4.
Request was from Giuseppe Iuculano <giuseppe@iuculano.it>
to control@bugs.debian.org
.
(Sat, 15 Aug 2009 16:18:07 GMT) (full text, mbox, link).
Reply sent
to Giuseppe Iuculano <giuseppe@iuculano.it>
:
You have taken responsibility.
(Sat, 15 Aug 2009 16:18:09 GMT) (full text, mbox, link).
Notification sent
to Steffen Joeris <steffen.joeris@skolelinux.de>
:
Bug acknowledged by developer.
(Sat, 15 Aug 2009 16:18:09 GMT) (full text, mbox, link).
Message #45 received at 437085-done@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
Version: 2.2.2-1
Fixed in wordpress 2.2.2-1
Cheers,
Giuseppe.
[signature.asc (application/pgp-signature, attachment)]
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org
.
(Sun, 13 Sep 2009 07:45:23 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 16:44:13 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.