[wp-hackers] WordPress: Arbitrary command execution?

Peter Westwood peter.westwood at ftwr.co.uk
Mon Jun 12 09:29:05 GMT 2006


On Mon, June 12, 2006 10:13 am, Ryan Duff wrote:
> Computer Guru wrote:
>> Have you finished reading the entry?
>>
>> ----------------------------------------------------------------------------
>>      Package             /  Vulnerable  /                   Unaffected
>> ----------------------------------------------------------------------------
>>   1  www-apps/wordpress       < 2.0.3                         >= 2.0.3
>>
>> As you can see, it has been fixed - later on in that page:
>>
>> Resolution
>> All WordPress users should upgrade to the latest available version.
>
> Did you finish reading the entry? Not fixed... disabled by default. The
> problem could potentially exist if the user data cache is enabled again.
>
> "Impact
>
> An attacker could exploit this vulnerability to execute arbitrary
> commands by sending a specially crafted username. As of Wordpress 2.0.2
> the user data cache is disabled as the default."
>
>

No. It is fixed in 2.0.3.  The cache was disabled by default in 2.0.2.

The following change removed any chance for this exploit or any similar
one working against the cache: http://trac.wordpress.org/changeset/3797

westi
-- 
Peter Westwood <peter.westwood at ftwr.co.uk>
http://blog.ftwr.co.uk

