DSA-1871-1 wordpress -- several vulnerabilities

Related Vulnerabilities: CVE-2008-6762   CVE-2008-6767   CVE-2009-2334   CVE-2009-2854   CVE-2009-2851   CVE-2009-2853   CVE-2008-1502   CVE-2008-4106   CVE-2008-4769   CVE-2008-4796   CVE-2008-5113  

Several vulnerabilities have been discovered in wordpress, weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2008-6762 It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing atacks. CVE-2008-6767 It was discovered that remote attackers had the ability to trigger an application upgrade, which could lead to a denial of service attack. CVE-2009-2334 It was discovered that wordpress lacks authentication checks in the plugin configuration, which might leak sensitive information. CVE-2009-2854 It was discovered that wordpress lacks authentication checks in various actions, thus allowing remote attackers to produce unauthorised edits or additions. CVE-2009-2851 It was discovered that the administrator interface is prone to a cross-site scripting attack. CVE-2009-2853 It was discovered that remote attackers can gain privileges via certain direct requests. CVE-2008-1502 It was discovered that the _bad_protocol_once function in KSES, as used by wordpress, allows remote attackers to perform cross-site scripting attacks. CVE-2008-4106 It was discovered that wordpress lacks certain checks around user information, which could be used by attackers to change the password of a user. CVE-2008-4769 It was discovered that the get_category_template function is prone to a directory traversal vulnerability, which could lead to the execution of arbitrary code. CVE-2008-4796 It was discovered that the _httpsrequest function in the embedded snoopy version is prone to the execution of arbitrary commands via shell metacharacters in https URLs. CVE-2008-5113 It was discovered that wordpress relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier to perform attacks via crafted cookies. For the oldstable distribution (etch), these problems have been fixed in version 2.0.10-1etch4. For the stable distribution (lenny), these problems have been fixed in version 2.5.1-11+lenny1. For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 2.8.3-1. We recommend that you upgrade your wordpress packages.

Debian Security Advisory

DSA-1871-1 wordpress -- several vulnerabilities

Date Reported:
23 Aug 2009
Affected Packages:
wordpress
Vulnerable:
Yes
Security database references:
In the Debian bugtracking system: Bug 531736, Bug 536724, Bug 504243, Bug 500115, Bug 504234, Bug 504771.
In Mitre's CVE dictionary: CVE-2008-6762, CVE-2008-6767, CVE-2009-2334, CVE-2009-2854, CVE-2009-2851, CVE-2009-2853, CVE-2008-1502, CVE-2008-4106, CVE-2008-4769, CVE-2008-4796, CVE-2008-5113.
More information:

Several vulnerabilities have been discovered in wordpress, weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems:

  • CVE-2008-6762

    It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing atacks.

  • CVE-2008-6767

    It was discovered that remote attackers had the ability to trigger an application upgrade, which could lead to a denial of service attack.

  • CVE-2009-2334

    It was discovered that wordpress lacks authentication checks in the plugin configuration, which might leak sensitive information.

  • CVE-2009-2854

    It was discovered that wordpress lacks authentication checks in various actions, thus allowing remote attackers to produce unauthorised edits or additions.

  • CVE-2009-2851

    It was discovered that the administrator interface is prone to a cross-site scripting attack.

  • CVE-2009-2853

    It was discovered that remote attackers can gain privileges via certain direct requests.

  • CVE-2008-1502

    It was discovered that the _bad_protocol_once function in KSES, as used by wordpress, allows remote attackers to perform cross-site scripting attacks.

  • CVE-2008-4106

    It was discovered that wordpress lacks certain checks around user information, which could be used by attackers to change the password of a user.

  • CVE-2008-4769

    It was discovered that the get_category_template function is prone to a directory traversal vulnerability, which could lead to the execution of arbitrary code.

  • CVE-2008-4796

    It was discovered that the _httpsrequest function in the embedded snoopy version is prone to the execution of arbitrary commands via shell metacharacters in https URLs.

  • CVE-2008-5113

    It was discovered that wordpress relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier to perform attacks via crafted cookies.

For the oldstable distribution (etch), these problems have been fixed in version 2.0.10-1etch4.

For the stable distribution (lenny), these problems have been fixed in version 2.5.1-11+lenny1.

For the testing distribution (squeeze) and the unstable distribution (sid), these problems have been fixed in version 2.8.3-1.

We recommend that you upgrade your wordpress packages.

Fixed in:

Debian GNU/Linux 4.0 (etch)

Source:
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch4.diff.gz
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10.orig.tar.gz
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch4.dsc
Architecture-independent component:
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0.10-1etch4_all.deb

Debian GNU/Linux 5.0 (lenny)

Source:
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1-11+lenny1.dsc
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1.orig.tar.gz
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1-11+lenny1.diff.gz
Architecture-independent component:
http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5.1-11+lenny1_all.deb

MD5 checksums of the listed files are available in the original advisory.