219912 – (CVE-2008-1930) Wordpress 2.5 Cookie Integrity Protection Vulnerability (CVE-2008-1930,CVE-2008-2068)

Bug 219912 (CVE-2008-1930) - Wordpress 2.5 Cookie Integrity Protection Vulnerability (CVE-2008-1930,CVE-2008-2068)

Summary: Wordpress 2.5 Cookie Integrity Protection Vulnerability (CVE-2008-1930,CVE-20...

Status:	RESOLVED DUPLICATE of bug 168529

Alias:	CVE-2008-1930

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High normal (vote)
Assignee:	Gentoo Security

URL:	http://archives.neohapsis.com/archive...
Whiteboard:
Keywords:

Depends on:
Blocks:

Reported:	2008-05-01 09:35 UTC by Bernd Marienfeldt
Modified:	2008-05-06 15:47 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Bernd Marienfeldt 2008-05-01 09:35:58 UTC

An attacker, who is able to register a specially crafted username on
 a Wordpress 2.5 installation, is able to generate authentication
 cookies for other chosen accounts.

 This vulnerability exists because it is possible to modify
 authentication cookies without invalidating the cryptographic
 integrity protection.

 If a Wordpress blog is configured to freely permit account creation,
 a remote attacker can gain Wordpress-administrator access and then
 elevate this to arbitrary code execution as the web server user.

 The vulnerability is fixed in Wordpress 2.5.1

Comment 1 Robert Buchholz (RETIRED) gentoo-dev

2008-05-02 09:52:30 UTC

Thanks for the report.

2.5.1 is already in the tree, but still in p.mask.

*** This bug has been marked as a duplicate of bug 168529 ***

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2008-05-06 15:47:27 UTC

This also fixed CVE-2008-2068 (XSS).