GLSA Advocate
Posted: Thu Aug 10, 2006 9:26 pm Post subject: [ GLSA 200608-19 ] WordPress: Privilege escalation
Gentoo Linux Security Advisory
Title: WordPress: Privilege escalation (GLSA 200608-19)
Severity: normal
Exploitable: remote
Date: August 10, 2006
Updated: December 13, 2006
Bug(s): #142142
ID: 200608-19
Synopsis
A flaw in WordPress allows registered WordPress users to elevate privileges.
Background
WordPress is a PHP and MySQL based multiuser blogging system.
Affected Packages
Package: www-apps/wordpress
Vulnerable: < 2.0.4
Unaffected: >= 2.0.4
Architectures: All supported architectures
Description
The WordPress developers have confirmed a vulnerability in capability checking for plugins.
Impact
By exploiting a flaw, a user can circumvent WordPress access restrictions when using plugins. The actual impact depends on the configuration of WordPress and may range from trivial to critical, possibly even the execution of arbitrary PHP code.
Workaround
There is no known workaround at this time.
Resolution
All WordPress users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.4"
References
CVE-2006-3389
CVE-2006-3390
CVE-2006-4028
Last edited by GLSA on Thu Dec 14, 2006 4:18 am; edited 1 time in total