FrSIRT/ADV-2006-5191: WordPress "get_file_description()" Function Client-Side Cross Site Scripting Vulnerability

Related Vulnerabilities: CVE-2006-6808  

Debian Bug report logs - #405299

Reported by: Enrique Garcia <kike+bts@eldemonionegro.com>

Date: Tue, 2 Jan 2007 13:18:21 UTC

Severity: normal

Found in version wordpress/2.0.5-0.1

Fixed in version wordpress/2.0.6-1

Done: Kai Hendry <hendry@iki.fi>

Bug is archived. No further changes may be made.


Report forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#405299; Package wordpress.


Acknowledgement sent to Enrique Garcia <kike+bts@eldemonionegro.com>:
New Bug report received and forwarded. Copy sent to Kai Hendry <hendry@iki.fi>.


Message #5 received at submit@bugs.debian.org:

From: Enrique Garcia <kike+bts@eldemonionegro.com>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: FrSIRT/ADV-2006-5191: WordPress "get_file_description()" Function Client-Side Cross Site Scripting Vulnerability
Date: Tue, 02 Jan 2007 14:14:44 +0100
Package: wordpress
Version: 2.0.5-0.1
Severity: normal


Technical Description

A vulnerability has been identified in WordPress, which could be exploited by attackers to execute arbitrary scripting code. This issue is due to an input validation error in the "get_file_description()" function when called via the "wp-admin/templates.php" script, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.


Affected Products

WordPress version 2.0.5 and prior


Solution

A fix is available via CVS:
http://trac.wordpress.org/changeset/4665


References

http://www.frsirt.com/english/advisories/2006/5191
http://michaeldaw.org/md-hacks/wordpress-persistent-xss/


-- System Information:
Debian Release: 4.0
  APT prefers testing
  APT policy: (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-686
Locale: LANG=es_ES.utf8, LC_CTYPE=es_ES@euro (charmap=ISO-8859-15)

Versions of packages wordpress depends on:
ii  apache2                       2.2.3-3.2  Next generation, scalable, extenda
ii  apache2-mpm-prefork [httpd]   2.2.3-3.2  Traditional model for Apache HTTPD
ii  mysql-client-5.0 [virtual-mys 5.0.30-1   mysql database client binaries
ii  php5                          5.2.0-8    server-side, HTML-embedded scripti
ii  php5-mysql                    5.2.0-8    MySQL module for php5

wordpress recommends no packages.

-- no debconf information



Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#405299; Package wordpress.


Acknowledgement sent to hendry@iki.fi:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>.


Message #10 received at 405299@bugs.debian.org:

From: "Kai Hendry" <kai.hendry@gmail.com>
To: 405299@bugs.debian.org
Subject: Fwd: Bug#405299: FrSIRT/ADV-2006-5191: WordPress "get_file_description()" Function Client-Side Cross Site Scripting Vulnerability
Date: Tue, 2 Jan 2007 19:35:34 +0000

---------- Forwarded message ----------
From: Ryan Boren <ryan@boren.nu>
Date: Jan 2, 2007 7:32 PM
Subject: Re: Bug#405299: FrSIRT/ADV-2006-5191: WordPress
"get_file_description()" Function Client-Side Cross Site Scripting
Vulnerability
To: hendry@iki.fi




On 1/2/07, Kai Hendry <kai.hendry@gmail.com> wrote:
> I guess a release is due?

One is coming soon. We have a release candidate out that fixes this.

http://wordpress.org/beta/wordpress-2.0.6-RC2.zip

Ryan



Information forwarded to debian-bugs-dist@lists.debian.org, Kai Hendry <hendry@iki.fi>:
Bug#405299; Package wordpress.


Acknowledgement sent to hendry@iki.fi:
Extra info received and forwarded to list. Copy sent to Kai Hendry <hendry@iki.fi>.


Message #15 received at 405299@bugs.debian.org:

From: "Kai Hendry" <kai.hendry@gmail.com>
To: 405691@bugs.debian.org, 405299@bugs.debian.org, "Fabio Tranchitella" <kobold@debian.org>
Subject: Re: Bug#405691: wordpress: new upstream: 2.0.6
Date: Sat, 6 Jan 2007 12:37:58 +0100

Yesterday I prepared a new package quickly. I have just moved to
Berlin and I have poor access to the Internet. :(

I've asked my sponsor Fabio to upload, though everyone please test
this package as I couldn't. Also anyone know the CAN/CVE for this
security issue?

http://hendry.iki.fi/debian/unstable/wordpress_2.0.6-1_i386.changes

/me hops this silly windows machine with USB internet that can't be shared



Reply sent to Kai Hendry <hendry@iki.fi>:
You have taken responsibility.


Notification sent to Enrique Garcia <kike+bts@eldemonionegro.com>:
Bug acknowledged by developer.


Message #20 received at 405299-close@bugs.debian.org:

From: Kai Hendry <hendry@iki.fi>
To: 405299-close@bugs.debian.org
Subject: Bug#405299: fixed in wordpress 2.0.6-1
Date: Mon, 08 Jan 2007 09:02:05 +0000
Source: wordpress
Source-Version: 2.0.6-1

We believe that the bug you reported is fixed in the latest version of
wordpress, which is due to be installed in the Debian FTP archive:

wordpress_2.0.6-1.diff.gz
  to pool/main/w/wordpress/wordpress_2.0.6-1.diff.gz
wordpress_2.0.6-1.dsc
  to pool/main/w/wordpress/wordpress_2.0.6-1.dsc
wordpress_2.0.6-1_all.deb
  to pool/main/w/wordpress/wordpress_2.0.6-1_all.deb
wordpress_2.0.6.orig.tar.gz
  to pool/main/w/wordpress/wordpress_2.0.6.orig.tar.gz



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 405299@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Kai Hendry <hendry@iki.fi> (supplier of updated wordpress package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Fri,  5 Jan 2007 14:04:56 +0000
Source: wordpress
Binary: wordpress
Architecture: source all
Version: 2.0.6-1
Distribution: unstable
Urgency: high
Maintainer: Kai Hendry <hendry@iki.fi>
Changed-By: Kai Hendry <hendry@iki.fi>
Description: 
 wordpress  - an award winning weblog manager
Closes: 405299 405691
Changes: 
 wordpress (2.0.6-1) unstable; urgency=high
 .
   * New upstream release
   * Security fix, urgency high.
   * FrSIRT/ADV-2006-5191, CVE-2006-6808: WordPress "get_file_description()"
     Function Client-Side Cross Site Scripting Vulnerability.
     (Closes: #405299, #405691)
Files: 
 46850a512b12d5aa7209837945b2e597 558 web optional wordpress_2.0.6-1.dsc
 ebe00cee610065bc576bb38db18c792c 518012 web optional wordpress_2.0.6.orig.tar.gz
 577384ff03e82a9941c8145040df4fe7 8076 web optional wordpress_2.0.6-1.diff.gz
 bbc3e04ae707f2ec4e4e5fdc2719e5e0 519880 web optional wordpress_2.0.6-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFogUqK/juK3+WFWQRAhziAJ4qNGMwcqI9wbSKpSxiVIfpFR/QsgCfeENA
eXw2wfz+CjWaO3qSyfzaUIM=
=mmaR
-----END PGP SIGNATURE-----




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Wed, 27 Jun 2007 09:24:41 GMT)


Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Jun 19 13:05:08 2019; Machine Name: buxtehude