[Frugalware-security] [ FSA-284 ] wordpress
voroskoi
noreply at frugalware.org
Thu Oct 4 11:24:13 CEST 2007
Frugalware Security Advisory FSA-284
Date: 2007-10-04
Package: wordpress
Vulnerable versions: <= 2.2.2-1terminus1
Unaffected versions: >= 2.2.3-1terminus1
Related bugreport: http://bugs.frugalware.org/task/2398
CVE: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4893
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-4894
Description
===========
Some vulnerabilities have been reported in WordPress, which can be exploited by malicious users to conduct script insertion attacks and by malicious people to conduct SQL injection attacks.
1) The "unfiltered_html" privilege feature can be bypassed by adding a field named "no_filter". This can be exploited by malicious users without the "unfiltered_html" privilege to e.g. post blog entries with arbitrary HTML and script code via specially crafted POST requests.
2) Input passed to certain parameters (e.g. the "post_type" parameter of the URL passed to the "pingback.extensions.getPingbacks()" XMLRPC method) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
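A request-inspection check for the two issues above, added here as an example and not part of the advisory or of WordPress itself: it flags a form POST that carries the "no_filter" field, and an XML-RPC call to pingback.extensions.getPingbacks whose URL argument carries a post_type value outside plain slug characters. The slug-only rule and the sample request bodies are constructed assumptions for the example.

```python
"""Flag request bodies matching the two WordPress issues in FSA-284 (CVE-2007-4893, CVE-2007-4894)."""
import re
import xmlrpc.client
from urllib.parse import parse_qs, urlparse

# Hidden form field that bypassed the unfiltered_html privilege check (named in the advisory).
BYPASS_FIELD = "no_filter"
# XML-RPC method whose URL argument carried the unsanitised post_type parameter (named in the advisory).
PINGBACK_METHOD = "pingback.extensions.getPingbacks"
# Assumed WAF-style rule: a post_type slug is expected to contain identifier characters only.
SAFE_POST_TYPE = re.compile(r"^[A-Za-z0-9_-]*$")


def check_form_post(body: str) -> list[str]:
    """Findings for an application/x-www-form-urlencoded body posted to the admin editor."""
    fields = parse_qs(body, keep_blank_values=True)
    if BYPASS_FIELD in fields:
        return [f"field '{BYPASS_FIELD}' present: unfiltered_html bypass (CVE-2007-4893)"]
    return []


def check_xmlrpc_post(body: str) -> list[str]:
    """Findings for an XML-RPC body posted to xmlrpc.php."""
    try:
        params, method = xmlrpc.client.loads(body)
    except Exception:  # malformed XML or a payload that is not XML-RPC at all
        return ["unparseable XML-RPC body"]
    if method != PINGBACK_METHOD:
        return []
    findings = []
    for param in params:
        if not isinstance(param, str):
            continue
        # The method's argument is a URL; post_type is read from its query string.
        for value in parse_qs(urlparse(param).query).get("post_type", []):
            if not SAFE_POST_TYPE.match(value):
                findings.append(f"{PINGBACK_METHOD}: post_type {value!r} is not a plain slug (CVE-2007-4894)")
    return findings


# Constructed sample bodies for the example (not captured traffic).
FORM_BENIGN = "post_title=Hello&content=%3Cb%3Ehi%3C%2Fb%3E"
FORM_BYPASS = FORM_BENIGN + "&" + BYPASS_FIELD + "=1"
XMLRPC_BENIGN = xmlrpc.client.dumps(("http://blog.example/?p=1&post_type=post",), PINGBACK_METHOD)
XMLRPC_SUSPECT = xmlrpc.client.dumps(("http://blog.example/?p=1&post_type=post'",), PINGBACK_METHOD)

if __name__ == "__main__":
    for name, body, check in [("form", FORM_BYPASS, check_form_post), ("xmlrpc", XMLRPC_SUSPECT, check_xmlrpc_post)]:
        print(name, check(body))
```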
Updated Packages
================
Check if you have wordpress installed:
# pacman-g2 -Q wordpress
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy wordpress