Ubuntu
wordpress package

[CVE-2007-6013] Authentication cookies easily derivable from password hash

Bug #172440 reported by William Grant on 2007-11-27

270

	Status	Importance	Assigned to
WordPress	Fix Released	Unknown	wordress-trac #5367
wordpress (Debian)	Fix Released	Unknown	debbugs #452251
wordpress (Ubuntu)	Fix Released	Medium	Emanuele Gentili
Dapper	Won't Fix	Undecided	Unassigned
Feisty	Won't Fix	Undecided	Unassigned
Gutsy	Won't Fix	Undecided	Emanuele Gentili

Bug Description

Binary package hint: wordpress

Wordpress 1.5 to 2.3.1 uses cookie values based on the MD5 hash of a password MD5 hash, which allows attackers to bypass authentication by obtaining the MD5 hash from the user database, then generating the authentication cookie from that hash.

Combined with the prevalence of SQL injection in WordPress, this could be an issue. Otherwise it's fairly unimportant.

CVE References

2007-6013

William Grant (wgrant) on 2007-11-27

Changed in wordpress:
importance:	Undecided → Medium
status:	New → Confirmed

Bug Watch Updater (bug-watch-updater) on 2007-11-28

Changed in wordpress:
status:	Unknown → New

Bug Watch Updater (bug-watch-updater) on 2007-12-01

Changed in wordpress:
status:	New → Confirmed

Bug Watch Updater (bug-watch-updater) on 2007-12-04

Changed in wordpress:
status:	Unknown → New

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-01-09:

diff for gutsy is ready.

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-01-09:

wrong post/patch, redirect to open CVE-2007-6318

Bug Watch Updater (bug-watch-updater) on 2008-04-17

Changed in wordpress:
status:	Confirmed → Fix Released

Emanuele Gentili (emgent) on 2008-04-17

Changed in wordpress:
assignee:	nobody → emgent

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-04-17:

System Affected:
Wordpress 1.5 -- 2.3.1

Ubuntu status:
Hardy not affected.
Gutsy, Feisty, Edgy, Dapper affected.

Bug Watch Updater (bug-watch-updater) on 2008-04-28

Changed in wordpress:
status:	New → Fix Committed

Bug Watch Updater (bug-watch-updater) on 2008-04-30

Changed in wordpress:
status:	Fix Committed → Fix Released

William Grant (wgrant) on 2008-05-31

Changed in wordpress:
status:	Confirmed → Fix Released

Revision history for this message

Emanuele Gentili (emgent) wrote on 2008-06-01:

@ScottK: what do you think about the possibility to backport it?

Emanuele Gentili (emgent) on 2008-06-02

Changed in wordpress:
assignee:	nobody → emgent
status:	New → Confirmed

Revision history for this message

Hew (hew) wrote on 2008-12-15:

Ubuntu Feisty Fawn is no longer supported, so a SRU will not be issued for this release. Marking Feisty as Won't Fix.

Changed in wordpress:
status:	New → Won't Fix

Revision history for this message

Sergio Zanchetta (primes2h) wrote on 2009-05-07:

The 18 month support period for Gutsy Gibbon 7.10 has reached its end of life -
http://www.ubuntu.com/news/ubuntu-7.10-eol . As a result, we are closing the
Gutsy task.

Changed in wordpress (Ubuntu Gutsy):
status:	Confirmed → Won't Fix

Revision history for this message

Jamie Strandboge (jdstrand) wrote on 2011-10-14:

Thank you for reporting this bug to Ubuntu. dapper has reached EOL
(End of Life) and is no longer supported. As a result, this bug
against dapper is being marked "Won't Fix". Please see
https://wiki.ubuntu.com/Releases for currently supported Ubuntu
releases.

Please feel free to report any other bugs you may find.