Bug 181513 - WordPress 2.2 Subscriber exploit
Summary: WordPress 2.2 Subscriber exploit
Status: RESOLVED DUPLICATE of bug 181277
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High normal
Assignee: Gentoo Security
URL: http://www.rodtempleton.net/2007/05/3...
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-06-10 07:37 UTC by Trenton D. Adams
Modified: 2007-06-10 07:47 UTC (History)
0 users

See Also:
Package list:
Runtime testing required: ---


Description Trenton D. Adams 2007-06-10 07:37:33 UTC
It appears that WordPress 2.2 has another vulnerability. It's easy to fix, and it requires a subscriber-level account in WordPress in order to exploit. See the URL. For me, I'm installing PHP apps in a Xen VM, so I don't have to worry about security as much. But, for others this might be a real issue.

On a side note, I would appreciate wordpress remaining in the portage.  I know there was a discussion to remove it.  But, it's up to people to make sure their own systems are secure.  You could add a message after emerge, recommending that it be run inside of a VM only, and that regular backups are done, due to a long history of security vulnerabilities.  Just a thought. :)

Reproducible: Always

Steps to Reproduce:
See the URL
Comment 1 Trenton D. Adams 2007-06-10 07:39:17 UTC
Oh, by the way, I just downloaded the most recent WordPress tar.gz, and it is NOT fixed in there. So perhaps there should be a patch on the Gentoo side?
Comment 2 Tobias Scherbaum (RETIRED) gentoo-dev 2007-06-10 07:47:15 UTC

*** This bug has been marked as a duplicate of bug 181277 ***