Debian DSA-1871-1 : wordpress - several vulnerabilities

critical Nessus Plugin ID 44736

Language:

Synopsis

The remote Debian host is missing a security-related update.

Description

Several vulnerabilities have been discovered in wordpress, weblog manager. The Common Vulnerabilities and Exposures project identifies the following problems :

- CVE-2008-6762 It was discovered that wordpress is prone to an open redirect vulnerability which allows remote attackers to conduct phishing attacks.

- CVE-2008-6767 It was discovered that remote attackers had the ability to trigger an application upgrade, which could lead to a denial of service attack.

- CVE-2009-2334 It was discovered that wordpress lacks authentication checks in the plugin configuration, which might leak sensitive information.

- CVE-2009-2854 It was discovered that wordpress lacks authentication checks in various actions, thus allowing remote attackers to produce unauthorised edits or additions.

- CVE-2009-2851 It was discovered that the administrator interface is prone to a cross-site scripting attack.

- CVE-2009-2853 It was discovered that remote attackers can gain privileges via certain direct requests.

- CVE-2008-1502 It was discovered that the _bad_protocol_once function in KSES, as used by wordpress, allows remote attackers to perform cross-site scripting attacks.

- CVE-2008-4106 It was discovered that wordpress lacks certain checks around user information, which could be used by attackers to change the password of a user.

- CVE-2008-4769 It was discovered that the get_category_template function is prone to a directory traversal vulnerability, which could lead to the execution of arbitrary code.

- CVE-2008-4796 It was discovered that the _httpsrequest function in the embedded snoopy version is prone to the execution of arbitrary commands via shell metacharacters in https URLs.

- CVE-2008-5113 It was discovered that wordpress relies on the REQUEST superglobal array in certain dangerous situations, which makes it easier to perform attacks via crafted cookies.

Solution

Upgrade the wordpress packages.

For the oldstable distribution (etch), these problems have been fixed in version 2.0.10-1etch4.

For the stable distribution (lenny), these problems have been fixed in version 2.5.1-11+lenny1.

See Also

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=531736

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=536724

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504243

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=500115

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504234

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=504771

https://security-tracker.debian.org/tracker/CVE-2008-6762

https://security-tracker.debian.org/tracker/CVE-2008-6767

https://security-tracker.debian.org/tracker/CVE-2009-2334

https://security-tracker.debian.org/tracker/CVE-2009-2854

https://security-tracker.debian.org/tracker/CVE-2009-2851

https://security-tracker.debian.org/tracker/CVE-2009-2853

https://security-tracker.debian.org/tracker/CVE-2008-1502

https://security-tracker.debian.org/tracker/CVE-2008-4106

https://security-tracker.debian.org/tracker/CVE-2008-4769

https://security-tracker.debian.org/tracker/CVE-2008-4796

https://security-tracker.debian.org/tracker/CVE-2008-5113

https://www.debian.org/security/2009/dsa-1871

Plugin Details

Severity: Critical

ID: 44736

File Name: debian_DSA-1871.nasl

Version: 1.21

Type: local

Agent: unix

Published: 2/24/2010

Updated: 1/4/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Critical

Base Score: 10

Temporal Score: 8.3

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Temporal Vector: E:F/RL:OF/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:wordpress, cpe:/o:debian:debian_linux:4.0, cpe:/o:debian:debian_linux:5.0

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 8/23/2009

Vulnerability Publication Date: 3/25/2008

Exploitable With

CANVAS (D2ExploitPack)

Elliot (Moodle <= 1.8.4 RCE)

Reference Information

CVE: CVE-2008-1502, CVE-2008-4106, CVE-2008-4769, CVE-2008-4796, CVE-2008-5113, CVE-2008-6762, CVE-2008-6767, CVE-2009-2334, CVE-2009-2851, CVE-2009-2853, CVE-2009-2854

BID: 28599, 31068, 31887, 35584, 35935

DSA: 1871

CWE: 20, 22, 59, 79, 94, 264, 287, 352