| Summary: | www-apps/wordpress (versions < 2.0.9) File Enumeration CVE-2007-0541 | | |
|---|---|---|---|
| Product: | Gentoo Security | Reporter: | Executioner <keith> |
| Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
| Status: | RESOLVED FIXED | | |
| Severity: | minor | CC: | beandog, jesus.de.santos, sgtphou, tom, web-apps |
| Priority: | High | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| URL: | http://www.securiteam.com/unixfocus/5WP0L1FKAI.html | | |
| Whiteboard: | B4 [noglsa] XSS and information leak | | |
| Package list: | | Runtime testing required: | --- |

Description
Executioner
2007-01-25 21:07:33 UTC
I'm seriously considering masking wordpress until the security issues calm down. Three reports in three weeks do not a stable package make.

(In reply to comment #1)
> I'm seriously considering masking wordpress until the security issues calm
> down. Three reports in three weeks do not a stable package make.
>

I fully agree. What's your decision?

*** Bug 166680 has been marked as a duplicate of this bug. ***

+ http://www.securityfocus.com/bid/22534 thanks to Executioner for having reported it

(In reply to comment #4)
> + http://www.securityfocus.com/bid/22534 thanks to Executioner for having
> reported it
>

This is difficult to exploit but fix is now available in WordPress svn.
http://trac.wordpress.org/changeset/4876 for 2.1
http://trac.wordpress.org/changeset/4877 for 2.0.7

2.0.9 (2.0.8 is already tagged but not released yet) and 2.1.1 should be released soon beta versions are available from http://wordpress.org/download/release-archive/

(In reply to comment #5)
> (In reply to comment #4)
> > + http://www.securityfocus.com/bid/22534 thanks to Executioner for having
> > reported it
> >
>
> This is difficult to exploit but fix is now available in WordPress svn.
> http://trac.wordpress.org/changeset/4876 for 2.1
> http://trac.wordpress.org/changeset/4877 for 2.0.7
>
>
> 2.0.9 (2.0.8 is already tagged but not released yet) and 2.1.1 should be
> released soon beta versions are available from
> http://wordpress.org/download/release-archive/
>

Thanks for the note, Peter.

2.0.8 added to CVS, needs to be marked stable on arches.

Thanks Steve, hi arches, please test and mark stable wordpress-2.0.8 please.

(In reply to comment #6)
> (In reply to comment #5)
> > (In reply to comment #4)
> > > + http://www.securityfocus.com/bid/22534 thanks to Executioner for having
> > > reported it
> > >
> >
> > This is difficult to exploit but fix is now available in WordPress svn.
> > http://trac.wordpress.org/changeset/4876 for 2.1
> > http://trac.wordpress.org/changeset/4877 for 2.0.7
> >
> >
> > 2.0.9 (2.0.8 is already tagged but not released yet) and 2.1.1 should be
> > released soon beta versions are available from
> > http://wordpress.org/download/release-archive/
> >
>
> Thanks for the note, Peter.
>
> 2.0.8 added to CVS, needs to be marked stable on arches.
>

NB: 2.0.8 Doesn't fix the XSS issue - 2.0.9 will fix it.

(In reply to comment #8)
> (In reply to comment #6)
> > (In reply to comment #5)
> > > (In reply to comment #4)
> > > > + http://www.securityfocus.com/bid/22534 thanks to Executioner for having
> > > > reported it
> > > >
> > >
> > > This is difficult to exploit but fix is now available in WordPress svn.
> > > http://trac.wordpress.org/changeset/4876 for 2.1
> > > http://trac.wordpress.org/changeset/4877 for 2.0.7
> > >
> > >
> > > 2.0.9 (2.0.8 is already tagged but not released yet) and 2.1.1 should be
> > > released soon beta versions are available from
> > > http://wordpress.org/download/release-archive/
> > >
> >
> > Thanks for the note, Peter.
> >
> > 2.0.8 added to CVS, needs to be marked stable on arches.
> >
>
> NB: 2.0.8 Doesn't fix the XSS issue - 2.0.9 will fix it.
>

Crap. Well 2.1 is in the tree, but it's masked. Needs some testing, if someone wants to help there.

(In reply to comment #2)
> (In reply to comment #1)
> > I'm seriously considering masking wordpress until the security issues calm
> > down. Three reports in three weeks do not a stable package make.
> >
>
> I fully agree. What's your decision?
>

2.0.9 is coming out pretty soon, as well as 2.1.1. I'm just going to sit on it for now, push those into the tree when they come out, and keep an eye on it. If it's still going to be a problem on a regular basis, then I'll mask it until they get things straightened out.

>
> 2.0.9 is coming out pretty soon, as well as 2.1.1. I'm just going to sit on it
> for now, push those into the tree when they come out, and keep an eye on it.
> If it's still going to be a problem on a regular basis, then I'll mask it until
> they get things straightened out.
>
OK

2.0.9 is in the tree, needs testing and stabling

*** Bug 167905 has been marked as a duplicate of this bug. ***

x86, wordpress-2.0.9 ebuild is working perfectly in my machine.

(In reply to comment #12)
> 2.0.9 is in the tree, needs testing and stabling
>

adding arches to cc

Stable for HPPA.

SPARC stable

www-apps/wordpress-2.0.9 USE="-vhosts"
1. emerges on x86
2. passes collision test
3. works

x86 stable, thanks Markus.

emerges fine and works for me on amd64

amd64 stable

crap, there is another XSS just today, see bug 168449. calling for a vote on bug 168449

comment #4 is wrong.
CVE-2007-0539 = SA23912 = bug 163817 = "pingback" information disclosure http://www.securityfocus.com/bid/22220
CVE-2007-1049 = SA24306 = bug 168449 = templates.php XSS http://www.securityfocus.com/bid/22534

ppc stable

I've dropped stable keywords on wordpress.

OK Steeve, This bug is fixed in 2.0.9 but 2.0.9 is still vulnerable to bug 168449 and bug 168529. Since this bug is fixed and there is no stable ebuild, I close it. Feel free to reopen if you disagree. We'll vote on bug 168529 for a GLSA or no GLSA.