Bug 245211 - (CVE-2007-3544) Wordpress 2.2(.1): SQL injection, XSS, unrestricted file upload vulnerabilities
Status: CLOSED INSUFFICIENT_DATA
Product: Fedora
Classification: Fedora
Component: wordpress
Version: 7
Hardware: All Linux
Priority: low, Severity: low
Assigned To: John Berninger
QA Contact: Fedora Extras Quality Assurance
Keywords: Reopened, Security

Reported: 2007-06-21 13:56 EDT by Ville Skyttä
Modified: 2008-05-07 11:09 EDT
Fixed In Version: 2.2.1-1.fc7
Doc Type: Bug Fix
Last Closed: 2008-05-07 11:09:50 EDT
Description Ville Skyttä 2007-06-21 13:56:58 EDT
XML-RPC SQL injection:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3140

Cross site scripting:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3238
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3239
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3240
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3241

Note: these have been reported against Wordpress 2.2, I haven't investigated
whether 2.1.3 currently in Fedora is affected.

Also, 2.2.1 seems to have been released today, fixing at least some of these issues.
Comment 1 Ville Skyttä 2007-07-04 13:20:33 EDT
Additional unrestricted file upload issues:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3543
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-3544
Comment 2 Fedora Update System 2007-07-05 15:22:47 EDT
wordpress-2.2.1-1.fc7 has been pushed to the Fedora 7 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 3 Ville Skyttä 2007-07-05 15:30:04 EDT
CVE-2007-3544 is reported against 2.2.1, reopening for verification whether this
update is still vulnerable.
Comment 4 Lubomir Kundrak 2007-08-01 10:24:38 EDT
John: What about CVE-2007-3544? Will this ever get updated?
Comment 5 Lubomir Kundrak 2007-08-01 10:27:46 EDT
John: In my opinion Wordpress is not a quality software that would really belong
to Fedora; unfortunately, your package fully complies with the guidelines.
Obviously, your opinion is different, so please do care about doing updates --
maintaining a bucket of bugs, which wordpress indeed is, needs some extra
responsibility.
Comment 6 John Berninger 2007-08-06 09:45:36 EDT
There has been no patch from upstream for this issue, and no response from them
in response to my latest query on this issue.  When upstream generates a patch,
or replies that the current release is not vulnerable, I will update this bug.
Comment 7 Lubomir Kundrak 2007-11-01 16:32:23 EDT
John: That practically means that Wordpress upstream is dead, right? I don't
feel comfortable about having an unfixed vulnerability in distribution, do you?
Please do your best to solve the situation.
Comment 8 John Berninger 2007-11-01 16:49:54 EDT
Wordpress upstream is far from dead, they simply did not respond to my inquiry
regarding this specific vulnerability.  They have made additional releases, and
we currently have version 2.2.3 available in FC7, 2.3.1 in devel.  I'm as
comfortable having wordpress in the distro as I am with having various bugs I've
reported in RHEL still be open after multiple years, or closed with a WONTFIX
from PM.
Comment 9 Lubomir Kundrak 2007-11-02 13:02:59 EDT
RHEL is a different operating system with a different development model and
different expectations from users. Not a good analogy.

I understand that you cannot do anything about fixing this anyways without more
specific information other than the advisory. I mailed the guy who discovered
the flaw and asked for more information. In case we won't learn more, we may
consider the issue non{public,existent}.
Comment 10 Tomas Hoger 2008-05-07 11:09:50 EDT
I'm closing this INSUFFICIENT_DATA, as the CVE-2007-3544 description only links to
the same advisory as CVE-2007-3543 and does not have any details on in what ways
the fix for CVE-2007-3543 is incomplete.
