Subject: Bug#477910: wordpress: CVE-2008-1930 integrity protection vulnerability
Newsgroups: gmane.linux.debian.devel.bugs.general
Date: 2008-04-25 16:41:49 GMT (3 weeks, 12 hours and 25 minutes ago)
Package: wordpress Severity: grave Tags: security Hi, the following CVE (Common Vulnerabilities & Exposures) id was published for wordpress. CVE-2008-1930[0]: | An attacker, who is able to register a specially crafted username on | a Wordpress 2.5 installation, is able to generate authentication | cookies for other chosen accounts. | | This vulnerability exists because it is possible to modify | authentication cookies without invalidating the cryptographic | integrity protection. | | If a Wordpress blog is configured to freely permit account creation, | a remote attacker can gain Wordpress-administrator access and then | elevate this to arbitrary code execution as the web server user. Note, this is not yet on the mitre site, see: http://wordpress.org/development/2008/04/wordpress-251/ in the meantime. If you fix the vulnerability please also make sure to include the CVE id in your changelog entry. For further information see: [0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1930 http://security-tracker.debian.net/tracker/CVE-2008-1930 -- Nico Golde - http://www.ngolde.de - nion <at> jabber.ccc.de - GPG: 0x73647CFF For security reasons, all text in this mail is double-rot13 encrypted.