Bug#: 202779
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Lars Hartmann <lars@chaotika.org>


Description:   Opened: 2007-12-19 14:03 0000
Michael Brooks has discovered a vulnerability in WordPress, which can be
exploited by malicious people to bypass certain security restrictions and to
disclose sensitive information.

The application does not properly restrict access to posted drafts to users
with valid administrator credentials. This can be exploited to read drafts by
accessing the index.php script with data in the "PATH_INFO" URL part ending
with "wp-admin/".

Examples:
http://[host]/[path]/index.php/wp-admin/
http://[host]/[path]/index.php/test-wp-admin/

The vulnerability is confirmed in version 2.3.1. Other versions may also be
affected.

Solution:
Do not post sensitive information as drafts.

Reproducible: Always
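
A way to look for this request pattern in web server access logs, as an added example that is not part of the original report or of WordPress. It assumes combined-format log lines; the function names and sample lines are constructed for illustration, and decoding percent-encoding and matching case-insensitively are choices made here to avoid missing trivially disguised requests.

```python
import re
from urllib.parse import unquote

# Combined-log-format entry: client address, then the quoted request line and status.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)

def path_info_after_index(target):
    """Return the PATH_INFO that follows index.php in a request target, or None."""
    path = unquote(target.split("?", 1)[0])   # drop the query string, decode %xx once
    marker = "/index.php/"
    pos = path.lower().find(marker)
    if pos == -1:
        return None                           # no PATH_INFO after index.php
    return path[pos + len("/index.php"):]     # keep the leading slash

def is_draft_disclosure_probe(target):
    """True when index.php is requested with PATH_INFO ending in 'wp-admin/'."""
    info = path_info_after_index(target)
    return info is not None and info.lower().endswith("wp-admin/")

def scan(lines):
    """Return (ip, target, status) for every log line matching the pattern."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if m and is_draft_disclosure_probe(m.group("target")):
            hits.append((m.group("ip"), m.group("target"), int(m.group("status"))))
    return hits

# Constructed sample log lines (documentation address ranges, made-up paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [19/Dec/2007:14:03:00 +0000] "GET /blog/index.php/wp-admin/ HTTP/1.1" 200 5120',
    '192.0.2.10 - - [19/Dec/2007:14:03:05 +0000] "GET /blog/index.php/test-wp-admin/?paged=2 HTTP/1.1" 200 4980',
    '192.0.2.11 - - [19/Dec/2007:14:04:00 +0000] "GET /blog/index.php/%77p-admin/ HTTP/1.1" 200 5120',
    '198.51.100.7 - - [19/Dec/2007:14:05:00 +0000] "GET /blog/wp-admin/ HTTP/1.1" 302 0',
    '198.51.100.7 - - [19/Dec/2007:14:05:09 +0000] "GET /blog/index.php/2007/12/hello-world/ HTTP/1.1" 200 7300',
    '198.51.100.8 - - [19/Dec/2007:14:06:00 +0000] "GET /blog/index.php?p=12 HTTP/1.1" 200 7300',
]

if __name__ == "__main__":
    for ip, target, status in scan(SAMPLE_LOG):
        print(f"{ip} {status} {target}")
```

A 200 status on a matching line from a client that never authenticated is the case worth reviewing; the normal /wp-admin/ login redirect and ordinary index.php permalinks are not flagged.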

------- Comment #1 From Jakub Moc (RETIRED) 2008-01-02 20:48:07 0000 -------
*** Bug 204116 has been marked as a duplicate of this bug. ***

------- Comment #2 From Jakub Moc (RETIRED) 2008-01-02 20:52:06 0000 -------
2.3.2 is out; 

On a side note - dunno folks, but we've had 4 security bugs in two months since
this has been unmasked. I really feel that this code is plain hopeless to
support security-wise and the ebuild should be re-masked again.

------- Comment #3 From Robert Buchholz 2008-01-05 00:28:33 0000 -------
(In reply to comment #2)
> On a side note - dunno folks, but we've had 4 security bugs in two months since
> this has been unmasked. I really feel that this code is plain hopeless to
> support security-wise and the ebuild should be re-masked again.

As long as upstream is actively handling vulnerabilities, I think it can stay
~arch with us ensuring fast bumps. What's the point in having this ebuild after
all p.masked and security-rotting? Either maintain it (bumping-wise) or kick
it.

------- Comment #4 From Matt Summers 2008-01-05 16:48:53 0000 -------
I know many Gentoo users running this web app in a production environment. 
Regardless of the number of flaws discovered, WordPress is under active
development, and the vulnerabilities are fixed as fast as they can be.  I think
dropping support would be a disservice to the Gentoo community as well as the
OSS community at large.  On the other hand, masking it such that users know it's
a potential security risk is not a bad idea, certainly better than removing it
from the tree.  Perhaps maintaining it ~ARCH keyworded and adding an einfo
statement regarding the history of this software would be apropos as well.

Any luck on the new ebuild for 2.3.2?  I am willing to test the ebuild on amd64
(hardened and desktop) when it's available if it might be of any assistance.

Many thanks,

Summers

------- Comment #5 From Gunnar Wrobel 2008-01-08 06:32:09 0000 -------
I also feel that keeping it in unstable makes more sense than having it in a
masked and unmaintained state. But I added a security warning so that people
are able to note the problems we see with this app.

Added 2.3.2 to the tree. All archs unstable. Removed insecure versions. webapps
done here.

------- Comment #6 From Robert Buchholz 2008-01-15 14:30:36 0000 -------
The issues fixed in 2.3.2 are unrelated to CVE-2008-0191.
