Summary
Multiple security issues have been
discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at https://wordpress.org/news/2014/11/wordpress-4-0-1/CVE-2014-9031 Jouko Pynnonen discovered an unauthenticated cross site scripting vulnerability (XSS) in wptexturize(), exploitable via comments or posts.
CVE-2014-9033
Cross site request forgery (CSRF) vulnerability in the password changing process, which could be used by an attacker to trick an user into changing her password.
CVE-2014-9034
Javier Nieto Arevalo and Andres Rojas Guerrero reported a potential denial of service in the way the phpass library is used to handle passwords, since no maximum password length was set.
CVE-2014-9035John Blackbourn reported an XSS in the Press This function (used for quick publishing using a browser bookmarklet).
CVE-2014-9036
Robert Chapin reported an XSS in the HTML filtering of CSS in posts.
CVE-2014-9037
David Anderson reported a hash comparison vulnerability for passwords stored using the old-style MD5 scheme. While unlikely, this could be exploited to compromise an account, if the user had not logged in after a Wordpress 2.5 update (uploaded to Debian on 2 Apr, 2008) and the password MD5 hash could be collided with due to PHP dynamic comparison.
CVE-2014-9038
Ben Bidner reported a server side request forgery (SSRF) in the core HTTP layer which unsufficiently blocked the loopback IP address space.
CVE-2014-9039
Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a vulnerability in the password reset process: an email address change would not invalidate a previous password reset email.
Solution
For the stable distribution (wheezy),
these problems have been fixed in version 3.6.1+dfsg-1~deb7u5.
For the upcoming stable distribution (jessie), these problems have been fixed in version 4.0.1+dfsg-1.
For the unstable distribution (sid), these problems have been fixed in version 4.0.1+dfsg-1.
We recommend that you upgrade your wordpress packages.
Insight
WordPress is a full featured web blogging tool:
* Instant publishing (no rebuilding)
* Comment pingback support with spam protection
* Non-crufty URLs
* Themable
* Plugin support
Affected
wordpress on Debian Linux
Detection
This check tests the installed software
version using the apt package manager.
References
Updated on 2015-03-25
Severity
Classification
-
CVE CVE-2014-9031, CVE-2014-9033, CVE-2014-9034, CVE-2014-9035, CVE-2014-9036, CVE-2014-9037, CVE-2014-9038, CVE-2014-9039 -
CVSS Base Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Related Vulnerabilities