Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:15129
HistoryNov 18, 2006 - 12:00 a.m.

[ GLSA 200611-10 ] WordPress: Multiple vulnerabilities

2006-11-1800:00:00
vulners.com
15
JSON

Gentoo Linux Security Advisory GLSA 200611-10

                                        http://security.gentoo.org/

Severity: Normal
Title: WordPress: Multiple vulnerabilities
Date: November 17, 2006
Bugs: #153303
ID: 200611-10

Synopsis

Flaws in WordPress allow a Denial of Service, the disclosure of user
metadata and the overwriting of restricted files.

Background

WordPress is a PHP and MySQL based multiuser blogging system.

Affected packages

-------------------------------------------------------------------
 Package             /  Vulnerable  /                   Unaffected
-------------------------------------------------------------------

1 www-apps/wordpress < 2.0.5 >= 2.0.5

Description

"random" discovered that users can enter serialized objects as strings
in their profiles that will be harmful when unserialized. "adapter"
found out that user-edit.php fails to effectively deny non-permitted
users access to other user's metadata. Additionally, a directory
traversal vulnerability in the wp-db-backup module was discovered.

Impact

By entering specially crafted strings in his profile, an attacker can
crash PHP or even the web server running WordPress. Additionally, by
crafting a simple URL, an attacker can read metadata of any other user,
regardless of their own permissions. A user with the permission to use
the database backup plugin can possibly overwrite files he otherwise
has no access to.

Workaround

There is no known workaround at this time.

Resolution

All WordPress users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=www-apps/wordpress-2.0.5&quot;

References

[ 1 ] CVE-2006-5705
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-5705
[ 2 ] WordPress Ticket 3142
http://trac.wordpress.org/ticket/3142
[ 3 ] WordPress Ticket 2591
http://trac.wordpress.org/ticket/2591

Availability

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200611-10.xml

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users machines is of utmost
importance to us. Any security concerns should be addressed to
[email protected] or alternatively, you may file a bug at
http://bugs.gentoo.org.

License

Copyright 2006 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5

Related

openvas 2
nessus 1
cve 2
debiancve 2
patchstack 1
ubuntucve 2
gentoo 1
prion 1
openvas
openvas
Gentoo Security Advisory GLSA 200611-10 (wordpress)
2008-09-24 00:00:00
Gentoo Security Advisory GLSA 200611-10 (wordpress)
2008-09-24 00:00:00
nessus
nessus
GLSA-200611-10 : WordPress: Multiple vulnerabilities
2006-11-20 00:00:00
cve
cve
CVE-2006-5705
2006-11-04 01:07:00
CVE-2008-0194
2008-01-10 00:46:00
debiancve
debiancve
CVE-2006-5705
2006-11-04 01:07:00
CVE-2008-0194
2008-01-10 00:46:00
patchstack
patchstack
WordPress <= 2.0.4 - Multiple Directory Traversal
2006-11-03 00:00:00
ubuntucve
ubuntucve
CVE-2006-5705
2006-11-04 00:00:00
CVE-2008-0194
2008-01-10 00:00:00
gentoo
gentoo
WordPress: Multiple vulnerabilities
2006-11-17 00:00:00
prion
prion
Directory traversal
2008-01-10 00:46:00
JSON
Related for SECURITYVULNS:DOC:15129
openvas2nessus1cve2debiancve2patchstack1ubuntucve2gentoo1prion1