[wordpress] [DSA-1564-1] several vulnerabilities
Affects | Status | Importance | Assigned to | Milestone |
---|---|---|---|---|
wordpress (Ubuntu) | Fix Released | Undecided | Unassigned | |
Dapper | Won't Fix | Undecided | Unassigned | |
Feisty | Won't Fix | Undecided | Unassigned | |

Bug Description
Binary package hint: wordpress
References:
DSA-1564-1 (http://
Quoting:
"Several remote vulnerabilities have been discovered in wordpress,
a weblog manager. The Common Vulnerabilities and Exposures project
identifies the following problems:
CVE-2007-3639
Insufficient input sanitising allowed for remote attackers to
redirect visitors to external websites.
CVE-2007-4153
Multiple cross-site scripting vulnerabilities allowed remote
authenticated administrators to inject arbitrary web script or HTML.
CVE-2007-4154
SQL injection vulnerability allowed remote authenticated
administrators to execute arbitrary SQL commands.
CVE-2007-0540
WordPress allows remote attackers to cause a denial of service
(bandwidth or thread consumption) via pingback service calls with
a source URI that corresponds to a file with a binary content type,
which is downloaded even though it cannot contain usable pingback data.
[no CVE name yet]
Insufficient input sanitising caused an attacker with a normal user
account to access the administrative interface."
All of these are already fixed.