Package: wordpress
Severity: grave
Tags: security

Hi,
the following CVE (Common Vulnerabilities & Exposures) id was
published for wordpress.

CVE-2008-1930[0]:
| An attacker, who is able to register a specially crafted username on
| a Wordpress 2.5 installation, is able to generate authentication
| cookies for other chosen accounts.
|
| This vulnerability exists because it is possible to modify
| authentication cookies without invalidating the cryptographic
| integrity protection.
|
| If a Wordpress blog is configured to freely permit account creation,
| a remote attacker can gain Wordpress-administrator access and then
| elevate this to arbitrary code execution as the web server user.

Note, this is not yet on the mitre site, see:
http://wordpress.org/development/2008/04/wordpress-251/
in the meantime.

If you fix the vulnerability please also make sure to include the
CVE id in your changelog entry.

For further information see:

[0] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1930
    http://security-tracker.debian.net/tracker/CVE-2008-1930

-- 
Nico Golde - http://www.ngolde.de - [EMAIL PROTECTED] - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.