blob: c7e60797edc897280484161fa348751c1f1070da [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200606-08">
<title>WordPress: Arbitrary command execution</title>
WordPress fails to sufficiently check the format of cached username data.
<product type="ebuild">wordpress</product>
<announced>June 09, 2006</announced>
<revised>June 10, 2006: 02</revised>
<package name="www-apps/wordpress" auto="yes" arch="*">
<unaffected range="ge">2.0.3</unaffected>
<vulnerable range="lt">2.0.3</vulnerable>
WordPress is a PHP and MySQL based content management and publishing
rgod discovered that WordPress insufficiently checks the format of
cached username data.
<impact type="high">
An attacker could exploit this vulnerability to execute arbitrary
commands by sending a specially crafted username. As of Wordpress 2.0.2
the user data cache is disabled by default.
There are no known workarounds at this time.
All WordPress users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=www-apps/wordpress-2.0.3&quot;</code>
<uri link="">CVE-2006-2667</uri>
<uri link="">CVE-2006-2702</uri>
<metadata tag="submitter" timestamp="Tue, 06 Jun 2006 16:40:51 +0000">
<metadata tag="bugReady" timestamp="Tue, 06 Jun 2006 17:50:23 +0000">