
Bug 205967

Summary: www-apps/wordpress < 2.3.2 Multiple vulnerabilities (CVE-2008-{0191,0193,0195})
Product: Gentoo Security Reporter: Robert Buchholz (RETIRED) <rbu>
Component: Vulnerabilities Assignee: Gentoo Security <security>
Status: RESOLVED INVALID    
Severity: trivial CC: web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://lists.grok.org.uk/pipermail/full-disclosure/2008-January/059439.html
Whiteboard: ~4 [upstream]
Package list:
Runtime testing required: ---

Description Robert Buchholz (RETIRED) gentoo-dev 2008-01-15 15:04:53 UTC
CVE-2008-0191 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0191):
  WordPress 2.2.x and 2.3.x allows remote attackers to obtain sensitive
  information via an invalid p parameter in an rss2 action to the default URI,
  which reveals the full path and the SQL database structure.

CVE-2008-0193 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0193):
  Cross-site scripting (XSS) vulnerability in wp-db-backup.php in WordPress
  2.0.11 and earlier, and possibly 2.1.x through 2.3.x, allows remote attackers
  to inject arbitrary web script or HTML via the backup parameter in a
  wp-db-backup.php action to wp-admin/edit.php.

CVE-2008-0195 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-0195):
  WordPress 2.0.11 and earlier allows remote attackers to obtain sensitive
  information via an empty value of the page parameter to certain PHP scripts
  under wp-admin/, which reveals the path in various error messages.
Comment 1 Robert Buchholz (RETIRED) gentoo-dev 2008-01-15 15:11:06 UTC
I bugged upstream about the status of these vulnerabilities.
Comment 2 Robert Buchholz (RETIRED) gentoo-dev 2008-01-15 15:40:42 UTC
Upstream replied:


> CVE-2008-0191

Cannot reproduce on 2.3.2 - db errors are hidden in 2.3.2.
Relevant trac tickets:
http://trac.wordpress.org/ticket/5471
http://trac.wordpress.org/ticket/5473

> CVE-2008-0193

Can't directly affect 2.3.2 - wp-db-backup is not included in the
WordPress 2.3.2 release.

> CVE-2008-0195

Can't reproduce on 2.3.2

_________

I did not test on a fresh 2.3.2 install -- confirmed their findings, so this is INVALID.