Your message dated Tue, 23 Jan 2007 22:24:04 +0000
with message-id <[EMAIL PROTECTED]>
and subject line [EMAIL PROTECTED]: Re: Debian security]
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: wordpress
Version: 2.0.6-1
Severity: important
Tags: security
Affected system:
WordPress =>2.0.6
Discovered a weakness in WordPress, which can be exploited by
malicious people to disclose SQL information and the WordPress full path.
The problem is that SQL error messages are returned to the user. This
can be exploited to disclose the configured table prefix via an invalid
"m" parameter passed in index.php.
Example:
http://[host]/index.php?m[]=
You will see return information like this:
Warning: rawurlencode() expects parameter 1 to be string, array given in
[path]\wp-includes\classes.php on line 227
WordPress 数据库错误: [Unknown column
'Arra' in 'where clause']
SELECT SQL_CALC_FOUND_ROWS wp_posts.* FROM wp_posts WHERE 1=1 AND YEAR
(post_date)=Arra AND (post_type = 'post' AND (post_status = 'publish' OR
post_status = 'private')) ORDER BY post_date DESC LIMIT 0, 10
Solution:
Edit the source to use the is_array() function to inspect the variable "$m"
Reference:
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-0262
http://www.securityfocus.com/archive/1/archive/1/456731/100/0/threaded
Note:
Please mention the CVE id in the changelog.
-- System Information:
Debian Release: 4.0
APT prefers unstable
APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-3-486
Locale: LANG=pt_BR.UTF-8, LC_CTYPE=pt_BR.UTF-8 (charmap=UTF-8)
regards,
--
.''`.
: :' : Alex de Oliveira Silva | enerv
`. `' www.enerv.net
`-
--- End Message ---
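
One way to apply the fix suggested in the report above, shown as an added example that is not WordPress code and not part of the original messages. The function names and the query-building logic are hypothetical; taking the first four characters of "m" as the year is an assumption that is consistent with the "Arra" in the quoted error, since PHP converts an array to the string "Array".

```php
<?php
// Added example, not WordPress code. Function names are hypothetical.

// Keep PHP warnings (which include the full path) out of HTTP responses.
ini_set('display_errors', '0');
ini_set('log_errors', '1');

/** Return a validated archive date (YYYY, YYYYMM or YYYYMMDD) or null. */
function clean_archive_param(array $query): ?string
{
    if (!isset($query['m'])) {
        return null;
    }
    $m = $query['m'];
    // ?m[]= arrives as an array; the report's fix is to reject it here.
    if (is_array($m) || !is_string($m)) {
        return null;
    }
    // Digits only, anchored with \A and \z so a trailing newline fails too.
    if (!preg_match('/\A(?:\d{4}|\d{6}|\d{8})\z/', $m)) {
        return null;
    }
    return $m;
}

/** Build the date part of the WHERE clause from a validated value. */
function archive_where(?string $m): string
{
    if ($m === null) {
        return '';
    }
    // Integer casts mean only numbers ever reach the SQL text.
    $where = ' AND YEAR(post_date)=' . (int) substr($m, 0, 4);
    if (strlen($m) >= 6) {
        $where .= ' AND MONTH(post_date)=' . (int) substr($m, 4, 2);
    }
    if (strlen($m) === 8) {
        $where .= ' AND DAYOFMONTH(post_date)=' . (int) substr($m, 6, 2);
    }
    return $where;
}

// Constructed inputs: what PHP places in $_GET for each query string.
$samples = [
    'm[]='     => ['m' => ['']],
    'm=200701' => ['m' => '200701'],
    'm=2007x'  => ['m' => '2007x'],
];
foreach ($samples as $label => $query) {
    printf("%-9s => '%s'\n", $label, archive_where(clean_archive_param($query)));
}
```

The array and the malformed string both yield an empty clause, so the query runs without the date filter and no SQL error is produced.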
--- Begin Message ---
Fixed in 2.1, though I am waiting for 2.0.8 for etch that fixes this
bug..
----- Forwarded message from Ryan Boren <[EMAIL PROTECTED]> -----
From: Ryan Boren <[EMAIL PROTECTED]>
To: Kai Hendry <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED]
Subject: Re: Debian security
Date: Tue, 23 Jan 2007 12:55:10 -0800
On 1/23/07, Kai Hendry <[EMAIL PROTECTED]> wrote:
>http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=407289
>
>Is this bug fixed in 2.1? There are a lot of changes all over the place.
Fixed in 2.1 and will be fixed in 2.0.8.
Ryan
----- End forwarded message -----
--- End Message ---