Package: wordpress Version: 2.0.2-1 Severity: serious Tags: security Just installed Wordpress and configured it with script from example directory. This script created database in mysql and config file for domain, where account information for this database is stored. But it made this file's permissions 644, wich allow any local (or remove in some bad cases) users to get this account information and gain full access to wordpress database.
Regards, Alexander. -- System Information: Debian Release: 3.1 APT prefers proposed-updates APT policy: (670, 'proposed-updates'), (670, 'stable'), (620, 'testing-proposed-updates'), (620, 'testing'), (600, 'unstable'), (550, 'experimental') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/bash Kernel: Linux 2.6.15-1-k7 Locale: LANG=ru_RU.KOI8-R, LC_CTYPE=ru_RU.KOI8-R (charmap=KOI8-R) Versions of packages wordpress depends on: ii apache2-mpm-prefork [htt 2.0.54-5 traditional model for Apache2 ii libapache2-mod-php4 4:4.3.10-16 server-side, HTML-embedded scripti ii mysql-client [virtual-my 4.0.24-10sarge1 mysql database client binaries ii php4 4:4.3.10-16 server-side, HTML-embedded scripti ii php4-mysql 4:4.3.10-16 MySQL module for php4 wordpress recommends no packages. -- no debconf information -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
