Bug 444396 (CVE-2008-2068)
Summary: | wordpress: security fixes in upstream version 2.5.1 (CVE-2008-1930, CVE-2008-2068)
---|---
Product: | [Other] Security Response
Reporter: | Tomas Hoger <thoger>
Component: | vulnerability
Assignee: | Red Hat Product Security <security-response-team>
Status: | CLOSED ERRATA
Severity: | high
Priority: | high
Version: | unspecified
CC: | adrian, john
Keywords: | Security
Hardware: | All
OS: | Linux
Doc Type: | Bug Fix
Last Closed: | 2008-07-25 08:59:37 UTC
Description
Tomas Hoger
2008-04-28 06:49:39 UTC
CVE-2008-1930:

An attacker, who is able to register a specially crafted username on a Wordpress 2.5 installation, is able to generate authentication cookies for other chosen accounts.

This vulnerability exists because it is possible to modify authentication cookies without invalidating the cryptographic integrity protection.

If a Wordpress blog is configured to freely permit account creation, a remote attacker can gain Wordpress-administrator access and then elevate this to arbitrary code execution as the web server user.

The vulnerability is fixed in Wordpress 2.5.1.

References:
http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-integrity.txt
http://marc.info/?l=full-disclosure&m=120913941501562&w=4

http://trac.wordpress.org/changeset/7822

(This is probably the secret issue, with undisclosed details.)

Addition to comment #1: According to Steven Murdoch's paper, the cookie protection mechanism affected by CVE-2008-1930 was only introduced in WordPress 2.5 and therefore should not affect versions of WordPress currently shipped in Fedora.

This seems to be a fix for XSS mentioned in the announcement:
http://trac.wordpress.org/changeset/7826

Thanks for comment #2 about Fedora not being affected. The problem is that the release talks about multiple security fixes and as there will be no update for 2.3.3 and as the update from 2.3.3 to 2.5.1 seems to be pretty easy (and for my tests without problems) I would still prefer that the updates are pushed. Maybe as a first step only to testing if Fedora is not affected.

Ooops, all these should be relevant for the XSS issue:
http://trac.wordpress.org/changeset/7819
http://trac.wordpress.org/changeset/7823
http://trac.wordpress.org/changeset/7826

Other issue fixed in 2.5.1 - unauthorized attachment attributes edits:

Any user that knows the ID of an attachment is able to edit some attributes of it.

http://trac.wordpress.org/ticket/6838

Changesets:
http://trac.wordpress.org/changeset/7828
http://trac.wordpress.org/changeset/7830

(In reply to comment #4)
> The problem is that the release talks about multiple security fixes

Yes. Hopefully, those should be all listed here now.

> will be no update for 2.3.3 and as the update from 2.3.3 to 2.5.1 seems to be
> pretty easy (and for my tests without problems) I would still prefer that the
> updates are pushed.

Sounds ok to me.

Updates are now waiting for RelEng to sign and push.

> Maybe as a first step only to testing if Fedora is not affected.

Feel free to change request from stable to testing if you prefer.

Thanks for the quick update!

wordpress-2.5.1-1.fc7 has been pushed to the Fedora 7 stable repository. If problems still persist, please make note of it in this bug report.

wordpress-2.5.1-1.fc8 has been pushed to the Fedora 8 stable repository. If problems still persist, please make note of it in this bug report.

CVE id for the XSS issue:

CVE-2008-2068: Cross-site scripting (XSS) vulnerability in WordPress 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

References:
http://wordpress.org/development/2008/04/wordpress-251/
http://secunia.com/advisories/29965
http://xforce.iss.net/xforce/xfdb/42029

This issue was addressed in:

Fedora: https://admin.fedoraproject.org/updates/F8/FEDORA-2008-3397