Summary: | www-apps/wordpress: code injection (CVE-2006-2667,CVE-2006-2702) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Raphael Marichez (Falco) (RETIRED) <falco> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | CC: | superlag, web-apps |
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://retrogod.altervista.org/wordpress_202_xpl.html | ||
Whiteboard: | C1 [glsa] jaervosz | ||
Package list: | Runtime testing required: | --- |
Description
Raphael Marichez (Falco) (RETIRED)
2006-05-26 03:44:31 UTC
FYI AFAIK this won't work on a default install as the cache of db data is not enabled in 2.0.2 unless the user enables it. It would affect 2.0.1 though as it does have the cache enabled by default if i recall correctly (or that may have been 2.0) And since 2.0.1 is no longer in the tree, this seems like a moot point. Security team, wouldn't you agree? I have verified, as Peter has already mentioned, the cache is not on, unless enabled by the user. This is now patched upstream on the 2.0 branch for a future 2.0.3 release: http://trac.wordpress.org/changeset/3797 I don't know when the release is targetted for yet though. It's still vulnerable, just not in default configuration hence the C rating above. Aaron would you prefer to extract patch from CVS or wait for the upstream release? v2.0.3 is now released with the fix for this included. See: wordpress.org/development/2006/06/wordpress-203/ BTW, it eludes me how we can have phpBB masked and this one in stable... web-apps please bump. Coming right up. I'll have it in the tree shortly. Bumped. Marked stable on amd64. Yes, I'm on the arch team. :) Call in the cavalry. Let's have some keywording fun. Hi arches, you can go and stabilize wordpress-2.0.3 please amd64 already done, this is just for Koon's statistics x86 is done ^.^ ppc stable sparc stable. stable on hppa good, ready for GLSA Might be even A3 if the bundled version is affected, too. Quite some php apps use gd. Sorry, wrong bug from cache :( Peter/Aaron is there any way for a site admin to globally enable/disable this feature? (As I can't seem to find it) You don't/can't globally enable it for all installs. You enable it on an install by install basis in wp-config.php with: define('ENABLE_CACHE',True); You can force it off (although it is off by default) with: define('DISABLE_CACHE',True); GLSA 200606-08 , thanks everybody and particularly jaervosz. |