Debian Bug report logs -
#500115
CVE-2008-4106: WordPress allows remote attackers to change an arbitrary user's password to a random value
Reported by: Stefan Fritsch <sf@sfritsch.de>
Date: Thu, 25 Sep 2008 08:57:09 UTC
Severity: grave
Tags: security
Found in version wordpress/2.0.10-1
Fixed in version wordpress/2.5.1-8
Done: Andrea De Iacovo <andrea.de.iacovo@gmail.com>
Bug is archived. No further changes may be made.
Toggle useless messages
Report forwarded
to debian-bugs-dist@lists.debian.org, Andrea De Iacovo <andrea.de.iacovo@gmail.com>:
Bug#500115; Package wordpress.
(Thu, 25 Sep 2008 08:57:12 GMT) (full text, mbox, link).
Acknowledgement sent
to Stefan Fritsch <sf@sfritsch.de>:
New Bug report received and forwarded. Copy sent to Andrea De Iacovo <andrea.de.iacovo@gmail.com>.
(Thu, 25 Sep 2008 08:57:12 GMT) (full text, mbox, link).
Message #5 received at submit@bugs.debian.org (full text, mbox, reply):
Package: wordpress
Version: 2.0.10-1
Severity: grave
Tags: security
Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wordpress.
CVE-2008-4106[0]:
| WordPress before 2.6.2 does not properly handle MySQL warnings about
| insertion of username strings that exceed the maximum column width
| of the user_login column, and does not properly handle space
| characters when comparing usernames, which allows remote attackers
| to change an arbitrary user's password to a random value by
| registering a similar username and then requesting a password reset,
| related to a "SQL column truncation vulnerability." NOTE: the
| attacker can discover the random password by also exploiting
| CVE-2008-4107.
If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.
For further information see:
[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4106
http://security-tracker.debian.net/tracker/CVE-2008-4106
Information forwarded
to debian-bugs-dist@lists.debian.org:
Bug#500115; Package wordpress.
(Thu, 25 Sep 2008 18:12:03 GMT) (full text, mbox, link).
Acknowledgement sent
to Andrea De Iacovo <andrea.de.iacovo@gmail.com>:
Extra info received and forwarded to list.
(Thu, 25 Sep 2008 18:12:03 GMT) (full text, mbox, link).
Message #10 received at 500115@bugs.debian.org (full text, mbox, reply):
[Message part 1 (text/plain, inline)]
> Package: wordpress
> Version: 2.0.10-1
> Severity: grave
> Tags: security
>
> Hi,
> the following CVE (Common Vulnerabilities & Exposures) id was
> published for wordpress.
>
> CVE-2008-4106[0]:
> | WordPress before 2.6.2 does not properly handle MySQL warnings about
> | insertion of username strings that exceed the maximum column width
> | of the user_login column, and does not properly handle space
> | characters when comparing usernames, which allows remote attackers
> | to change an arbitrary user's password to a random value by
> | registering a similar username and then requesting a password reset,
> | related to a "SQL column truncation vulnerability." NOTE: the
> | attacker can discover the random password by also exploiting
> | CVE-2008-4107.
>
> If you fix the vulnerability please also make sure to include the
> CVE id in your changelog entry.
>
> For further information see:
>
> [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4106
> http://security-tracker.debian.net/tracker/CVE-2008-4106
>
>
I prepared a new package and now I'm waiting for my sponsor to upload
it.
Thank you for reporting.
Regards.
Andrea De Iacovo
[signature.asc (application/pgp-signature, inline)]
Reply sent
to Andrea De Iacovo <andrea.de.iacovo@gmail.com>:
You have taken responsibility.
(Mon, 29 Sep 2008 18:00:07 GMT) (full text, mbox, link).
Notification sent
to Stefan Fritsch <sf@sfritsch.de>:
Bug acknowledged by developer.
(Mon, 29 Sep 2008 18:00:07 GMT) (full text, mbox, link).
Message #15 received at 500115-close@bugs.debian.org (full text, mbox, reply):
Source: wordpress
Source-Version: 2.5.1-8
We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:
wordpress_2.5.1-8.diff.gz
to pool/main/w/wordpress/wordpress_2.5.1-8.diff.gz
wordpress_2.5.1-8.dsc
to pool/main/w/wordpress/wordpress_2.5.1-8.dsc
wordpress_2.5.1-8_all.deb
to pool/main/w/wordpress/wordpress_2.5.1-8_all.deb
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 500115@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Andrea De Iacovo <andrea.de.iacovo@gmail.com> (supplier of updated wordpress package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Format: 1.8
Date: Thu, 25 Sep 2008 17:02:47 +0200
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.5.1-8
Distribution: unstable
Urgency: high
Maintainer: Andrea De Iacovo <andrea.de.iacovo@gmail.com>
Changed-By: Andrea De Iacovo <andrea.de.iacovo@gmail.com>
Description:
wordpress - weblog manager
Closes: 500115
Changes:
wordpress (2.5.1-8) unstable; urgency=high
.
* Added 009CVE2008-4106 patch. (Closes: #500115)
Whitespaces in user name are now checked during login.
It's not possible to register an "admin(n-whitespaces)" user anymore
to gain unauthorized access to the admin panel.
Checksums-Sha1:
ddcd32a0c62f44ddcd8aeddb9ea3589e35bfcc9a 1311 wordpress_2.5.1-8.dsc
d46ab90741cd29130132501de46c4184b78947f6 696271 wordpress_2.5.1-8.diff.gz
e9c1893007224f096207b4a665dede19236f275e 1040448 wordpress_2.5.1-8_all.deb
Checksums-Sha256:
2ea559a1c1fe59970cf6b651821efd63691429b0ea4506c0ca554a377fd9f27a 1311 wordpress_2.5.1-8.dsc
d620a239cd29c0d50e81b62275266758d27adbe9b74cfff6d7da0feea37a1e18 696271 wordpress_2.5.1-8.diff.gz
4582c2b54dab7684d9e494d5a85a6c666ff82bd0751517daa77fdc7e12711904 1040448 wordpress_2.5.1-8_all.deb
Files:
ea1d8008d61d87a6162c52865a711728 1311 web optional wordpress_2.5.1-8.dsc
15993dd241ed5cb18bb81a07ffc53b97 696271 web optional wordpress_2.5.1-8.diff.gz
747a09ad403374f7876c7edc38f90546 1040448 web optional wordpress_2.5.1-8_all.deb
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
iQEcBAEBAgAGBQJI4RIYAAoJEGz0hbPcukPfZmQH/3I2aVoWjpQTYsrtrpLsgqkn
ViEO32aVazRJc5C0SKubb4JFnVdwDSpJU7dzypUesc3lEfNoQg0tx9WBLDKI72cp
ueCVWybAtS3dboYNIENcGJ9VttMN7DE44Rumcz5n0BXujGy97oXKjgwMXQO3ZGpW
s9X4OlUR+soEkF/wGFsXlt1GRaEeYLsBQ5np+kg/gUleoNeex+7hXmRi+0VQdern
ul5abAhVfXACsFdLxDE1aE3DLKh8qOnvAXupWZddp/IclVtC/W+b1AIsz5v7LC/S
0bdSVQZwh++c8zQzs/7IEWB3sy7/W+dqTDE3938aiTWYOJp3XlNst4AFGO5Ipk8=
=rvSn
-----END PGP SIGNATURE-----
Bug archived.
Request was from Debbugs Internal Request <owner@bugs.debian.org>
to internal_control@bugs.debian.org.
(Mon, 16 Feb 2009 07:48:58 GMT) (full text, mbox, link).
Send a report that this bug log contains spam.
Debian bug tracking system administrator <owner@bugs.debian.org>.
Last modified:
Wed Jun 19 15:42:02 2019;
Machine Name:
beach
Debian Bug tracking system
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.
Copyright © 1999 Darren O. Benham,
1997,2003 nCipher Corporation Ltd,
1994-97 Ian Jackson,
2005-2017 Don Armstrong, and many other contributors.
Vulmon