Daniel Leidert
2009-Aug-11 18:26 UTC
[Secure-testing-team] Bug#541102: Remote users may reset the admin password
Package: wordpress
Version: 2.7.1-2
Severity: grave
Tags: security patch

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

The original report says that the issue can be used to compromise the admin
account. In a newer version it is said that this is not possible. But I set
severity to grave for the moment. Please decide on your own.

http://lists.grok.org.uk/pipermail/full-disclosure/2009-August/070137.html
http://core.trac.wordpress.org/changeset/11798

The vulnerability AFAIK applies to all versions, including version 2.8.3.

CVE number currently unknown.

Regards, Daniel

- -- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (850, 'unstable'), (700, 'testing'), (550, 'stable'), (110, 'experimental')
Architecture: i386 (i686)

Kernel: Linux 2.6.29-2-686 (SMP w/1 CPU core)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash

Versions of packages wordpress depends on:
ii  apache2                   2.2.12-1         Apache HTTP Server metapackage
ii  apache2-mpm-prefork [htt  2.2.12-1         Apache HTTP Server - traditional n
ii  libapache2-mod-php5       5.2.10.dfsg.1-2  server-side, HTML-embedded scripti
ii  libjs-jquery              1.3.3-1          JavaScript library for dynamic web
pn  libjs-prototype           <none>           (no description available)
pn  libjs-scriptaculous       <none>           (no description available)
pn  libphp-phpmailer          <none>           (no description available)
pn  libphp-snoopy             <none>           (no description available)
ii  php5                      5.2.10.dfsg.1-2  server-side, HTML-embedded scripti
pn  php5-gd | php4-gd         <none>           (no description available)
pn  php5-mysql | php4-mysql   <none>           (no description available)
pn  tinymce                   <none>           (no description available)
pn  virtual-mysql-client      <none>           (no description available)

wordpress recommends no packages.

Versions of packages wordpress suggests:
pn  virtual-mysql-server      <none>           (no description available)

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkqBt7cACgkQm0bx+wiPa4wKHQCeIaaLmxs52dNnGLq7YKLQeOhW
7E0An3w73ZMRvCi+9KJyDpf7+P1pVtSX
=CwaB
-----END PGP SIGNATURE-----