Bug 293261 - <www-apps/wordpress-2.8.6: Multiple vulnerabilities (CVE-2009-{3890,3891})
Summary: <www-apps/wordpress-2.8.6: Multiple vulnerabilities (CVE-2009-{3890,3891})
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High trivial
Assignee: Gentoo Security
URL: http://wordpress.org/development/2009...
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2009-11-15 09:58 UTC by Alex Legler (RETIRED)
Modified: 2009-11-22 13:23 UTC

Description Alex Legler (RETIRED) archtester gentoo-dev Security 2009-11-15 09:58:04 UTC
From $URL:
2.8.6 fixes two security problems that can be exploited by registered, logged in users who have posting privileges.  If you have untrusted authors on your blog, upgrading to 2.8.6 is recommended.

The first problem is an XSS vulnerability in Press This discovered by Benjamin Flesch.  The second problem, discovered by Dawid Golunski, is an issue with sanitizing uploaded file names that can be exploited in certain Apache configurations. Thanks to Benjamin and Dawid for finding and reporting these.
Comment 1 Stefan Behte (RETIRED) gentoo-dev Security 2009-11-18 19:35:37 UTC
CVE-2009-3890 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3890):
  Unrestricted file upload vulnerability in the wp_check_filetype
  function in wp-includes/functions.php in WordPress before 2.8.6, when
  a certain configuration of the mod_mime module in the Apache HTTP
  Server is enabled, allows remote authenticated users to execute
  arbitrary code by posting an attachment with a multiple-extension
  filename, and then accessing this attachment via a direct request to
  a wp-content/uploads/ pathname, as demonstrated by a .php.jpg
  filename.

CVE-2009-3891 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-3891):
  Cross-site scripting (XSS) vulnerability in wp-admin/press-this.php
  in WordPress before 2.8.6 allows remote authenticated users to inject
  arbitrary web script or HTML via the s parameter (aka the selection
  variable).
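
The multiple-extension condition in the CVE-2009-3890 description above, as an added defensive check (not part of this bug report and not WordPress's own fix): it flags upload names that carry a handler-mapped extension before the final one and shows one way to neutralize them. The extension sets, function names and sample paths are assumptions constructed for illustration.

```python
import os

# Assumption: extensions the local Apache config maps to a script handler.
HANDLER_EXTS = {"php", "php3", "php4", "php5", "phtml", "cgi", "pl", "py"}
# Assumption: extensions this site accepts for uploads.
ALLOWED_EXTS = {"jpg", "jpeg", "png", "gif", "pdf", "txt"}

# Constructed sample paths under the upload directory named in the CVE text.
SAMPLE = [
    "wp-content/uploads/2009/11/holiday.jpg",
    "wp-content/uploads/2009/11/holiday.php.jpg",
    "wp-content/uploads/2009/11/Avatar.PHTML.png",
]


def split_extensions(filename):
    """Split like mod_mime: every dot-separated part after the first is an
    extension, matched case-insensitively."""
    stem, *exts = os.path.basename(filename).split(".")
    return stem, [e.lower() for e in exts]


def inner_handler_extensions(filename, handler_exts=HANDLER_EXTS):
    """Handler-mapped extensions that sit before the final extension."""
    _, exts = split_extensions(filename)
    return [e for e in exts[:-1] if e in handler_exts]


def neutralize(filename, allowed=ALLOWED_EXTS):
    """Return a safe name: inner extensions off the allowlist get a trailing
    '_' so the server no longer recognises them. Extensions are lowercased."""
    stem, exts = split_extensions(filename)
    if not exts or exts[-1] not in allowed:
        raise ValueError(f"upload type not allowed: {filename!r}")
    inner = [e if e in allowed else e + "_" for e in exts[:-1]]
    return ".".join([stem, *inner, exts[-1]])


def audit(paths):
    """Map each path with an inner handler extension to those extensions."""
    return {p: hits for p in paths if (hits := inner_handler_extensions(p))}


if __name__ == "__main__":
    for path, hits in audit(SAMPLE).items():
        print(f"{path}: inner {hits} -> {neutralize(path)}")
```

Running `audit` over an existing `wp-content/uploads/` listing finds files stored before the upgrade; `neutralize` applies only to new uploads.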

Comment 2 bunkacid 2009-11-21 03:25:20 UTC
Hi All,
The current wordpress .ebuild works with 2.8.6 build when incremented.
Comment 3 Tobias Scherbaum (RETIRED) gentoo-dev 2009-11-22 13:23:15 UTC
2.8.6 in CVS. Closing this one as no version was marked as stable.