Bug 245211 (CVE-2007-3544) - Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities
Summary: Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities
Alias: CVE-2007-3544
Product: Fedora
Classification: Fedora
Component: wordpress   
(Show other bugs)
Version: 7
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: John Berninger
QA Contact: Fedora Extras Quality Assurance
Keywords: Reopened, Security
Depends On:
TreeView+ depends on / blocked
Reported: 2007-06-21 17:56 UTC by Ville Skyttä
Modified: 2008-05-07 15:09 UTC (History)
2 users (show)

Fixed In Version: 2.2.1-1.fc7
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2008-05-07 15:09:50 UTC
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

Description Ville Skyttä 2007-06-21 17:56:58 UTC
XML-RPC SQL injection:

Cross site scripting:

Note: these have been reported against Wordpress 2.2, I haven't investigated
whether 2.1.3 currently in Fedora is affected.

Also, 2.2.1 seems to have been released today, fixing at least some of these issues.

Comment 1 Ville Skyttä 2007-07-04 17:20:33 UTC
Additional unrestricted file upload issues:

Comment 2 Fedora Update System 2007-07-05 19:22:47 UTC
wordpress-2.2.1-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 3 Ville Skyttä 2007-07-05 19:30:04 UTC
CVE-2007-3544 is reported against 2.2.1, reopening for verification whether this
update is still vulnerable.

Comment 4 Lubomir Kundrak 2007-08-01 14:24:38 UTC
John: What about CVE-2007-3544? Will this ever get updated?

Comment 5 Lubomir Kundrak 2007-08-01 14:27:46 UTC
John: In my opinion Wordpress is not a quality software that would really belong
to Fedora, unfortunatelly your package fully complies with the guidelines.
Obviously, your opinion is different, so please do care about doing updates --
maintaining a bucket of bugs that wordpress inteed is needs some extra

Comment 6 John Berninger 2007-08-06 13:45:36 UTC
There has been no patch from upstream for this issue, and no response from them
in response to my latest query on this issue.  When upstream generates a patch,
or replies that the current release is not vulnerable, I will update this bug.

Comment 7 Lubomir Kundrak 2007-11-01 20:32:23 UTC
John: That practically means that Wordpress upstream is dead, right? I don't
feel comfortable about having an unfixed vulnerability in distribution, do you?
Please do your best to solve the situation.

Comment 8 John Berninger 2007-11-01 20:49:54 UTC
Wordpress upstream is far from dead, they simply did not respond to my inquiry
regarding this specific vulnerability.  They have made additional releases, and
we currently have version 2.2.3 available in FC7, 2.3.1 in devel.  I'm as
comfortable having wordpress in the distro as I am with having various bugs I've
reported in RHEL still be open after multiple years, or closed with a WONTFIX
from PM.

Comment 9 Lubomir Kundrak 2007-11-02 17:02:59 UTC
RHEL is a different operating system with a different development model and
different expectations from users. Not a good analogy.

I understand that you can not do anything about fixing this anyways without more
specific information other than the advisory. I mailed the guy who discovered
the flaw and asked for more information. In case we won't learn more, we may
consider the issue non{public,existent}.

Comment 10 Tomas Hoger 2008-05-07 15:09:50 UTC
I'm closing this INSUFFICIENT_DATA, as CVE-2007-3544 description only links to
the same advisory as CVE-2007-3543 and does not have any details in what ways
fix for CVE-2007-3543 is incomplete.

Note You need to log in before you can comment on or make changes to this bug.