Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Thu, 2 Dec 2010 15:44:30 -0500 (EST)
From: Josh Bressers <bressers@...hat.com>
To: oss-security@...ts.openwall.com
Cc: Jon Ciesla <limb@...mserv.net>,
        "Steven M. Christey" <coley@...us.mitre.org>
Subject: Re: CVE Request -- Wordpress v3.0.2 SQL injection
 flaw + two minor XSS issues


----- "Jan Lieskovsky" <jlieskov@...hat.com> wrote:

> Hello Steve, vendors,
> 
>    Wordpress upstream has released latest v3.0.2 version, addressing
> one SQL injection
> flaw:
> 
>    1), SQL injection flaw by processing trackbacks
> 
>    An improper input sanitization flaw was found in the way Wordpress
> performed trackbacks (a way to notify a website when an entry that
> references it is published) maintainance. A remote attacker,
> with Author-level privilege could use this flaw to conduct
> SQL injection attacks (gain further access to the site, which
> should be otherwise prohibited).
> 
>    References:
>    [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603
>    [2] http://codex.wordpress.org/Version_3.0.2
>    [3] http://core.trac.wordpress.org/changeset/16625
>    [4] https://bugzilla.redhat.com/show_bug.cgi?id=659265

Use CVE-2010-4257 for the SQL injection flaw.

I'm less sure about the other two.

> The two XSS issues below are minor, as they need Wordpress administrator
> to perform the attack, but according to CVE philosophy, the CVE ids
> should be assigned for them too. But these two opened / left for further
> discussion:
> 
>    2), XSS in requesting user credentials in order to connect to the
> filesystem
>    References:
>    [7] https://bugzilla.redhat.com/show_bug.cgi?id=659294
>    [8] http://codex.wordpress.org/Version_3.0.2
>    [9] http://core.trac.wordpress.org/changeset/16367
> 
>    3), XSS when deleting a plugin
>    References:
>    [10] https://bugzilla.redhat.com/show_bug.cgi?id=659299
>    [11] http://codex.wordpress.org/Version_3.0.2
>    [12] http://core.trac.wordpress.org/changeset/16373
> 
> Note: The other issues mentioned in:
>        http://codex.wordpress.org/Version_3.0.2
> 
>        should be only bugfixes.
> 

Do these two XSS flaws cross a trust boundary? I'm not familiar with
wordpress.

I looked back at previous wordpress admin related issues, there were none
like this. Most XSS things affecting the admin involved an xss that affects
the admin, not one triggered by an admin.

Thanks.

-- 
    JB

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.