Polaroid Photo

Bilder från Daniel Nylander.se

Daniel Nylander.se

Ubuntu, Debian, Translation Project, GNU, Linux, UNIX, VoIP, IT-Säkerhet, experiment, väl valda ord och delvis sinnesnärvaro

Välj ett ämne:

tis
16
Aug '05

WordPress Cookie cache_lastpostdate Variable Arbitrary PHP Code Execution

WordPress Cookie cache_lastpostdate Variable Arbitrary PHP Code Execution

Vulnerability Description

WordPress contains a flaw that may allow a remote attacker to execute arbitrary commands. The issue is due to functions.php not properly sanitizing user input supplied in the cache_lastpostdate cookie. This may allow an attacker to include PHP code that contains arbitrary commands which will be executed by the vulnerable script.

Solution Description

Upgrade to version 1.5.1.4 or higher, as it has been reported to fix this vulnerability. It is also possible to protect from the flaw by implementing the following workaround: set the register_globals PHP option to ‘off’.

Products affected:

Matt Mullenweg Word Press 1.5.1
Matt Mullenweg Word Press 1.5.1.2
Matt Mullenweg Word Press 1.5.1.3
Matt Mullenweg Word Press 1.5

Vulnerability classification:

Remote vulnerability
Input manipulation attack
Impact on integrity
Exploit available
Verified

External references:

Vendor URL: http://wordpress.org/
Secunia Advisory ID: 16386
Generic Exploit URL: http://www.securiteam.com/unixfocus/5BP0G00GLK.html
Bugtraq ID: http://www.securityfocus.com/bid/14533
Nessus Script ID: 19414
Security Mail List Post: http://marc.theaimsgroup.com/?l=full-disclosure&m=112361397032495&w=2

Start discussion »

Skriv ett svar