GLSA-200703-23 : WordPress: Multiple vulnerabilities

This script is Copyright (C) 2007-2014 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200703-23
(WordPress: Multiple vulnerabilities)

WordPress contains cross-site scripting or cross-site scripting forgery
vulnerabilities reported by:
g30rg3_x in the 'year'
parameter of the wp_title() function
Alexander Concha in the
'demo' parameter of wp-admin/admin.php
Samenspender and Stefan
Friedli in the 'post' parameter of wp-admin/post.php and
wp-admin/page.php, in the 'cat_ID' parameter of wp-admin/categories.php
and in the 'c' parameter of wp-admin/comment.php
PsychoGun in
the 'file' parameter of wp-admin/templates.php
Additionally, WordPress prints the full PHP script paths in some error
messages.

Impact :

The cross-site scripting vulnerabilities can be triggered to steal
browser session data or cookies. A remote attacker can entice a user to
browse to a specially crafted web page that can trigger the cross-site
request forgery vulnerability and perform arbitrary WordPress actions
with the permissions of the user. Additionally, the path disclosure
vulnerability could help an attacker to perform other attacks.

Workaround :

There is no known workaround at this time for all these
vulnerabilities.

See also :

http://secunia.com/advisories/24430/
http://www.gentoo.org/security/en/glsa/glsa-200703-23.xml

Solution :

Due to the numerous recently discovered vulnerabilities in WordPress,
this package has been masked in the portage tree. All WordPress users
are advised to unmerge it.
# emerge --unmerge 'www-apps/wordpress'

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 24889 (gentoo_GLSA-200703-23.nasl)

Bugtraq ID:

CVE ID: CVE-2007-1049
CVE-2007-1230
CVE-2007-1244
CVE-2007-1409