CVE-2010-4257: SQL Injection from trackback functions

Bug #716641 reported by Mahyuddin Susanto
This bug affects 2 people
Affects             Status        Importance  Assigned to  Milestone
wordpress (Debian)  Fix Released  Unknown
wordpress (Fedora)  Fix Released  Medium
wordpress (Ubuntu)  Fix Released  Undecided   Unassigned
Lucid               Fix Released  Undecided   Unassigned
Maverick            Fix Released  Undecided   Unassigned
Natty               Fix Released  Undecided   Unassigned

Bug Description

Binary package hint: wordpress

SQL injection vulnerability in the do_trackbacks function in wp-includes/comment.php in WordPress before 3.0.2 allows remote
authenticated users to execute arbitrary SQL commands via the Send Trackbacks field.

Tags: patch
In , Jan (jan-redhat-bugs) wrote :

An improper input sanitization flaw was found in the way WordPress
performed trackbacks (a way to notify a website when an entry that
references it is published) maintenance. A remote attacker
with Author-level privilege could use this flaw to conduct
SQL injection attacks (gain further access to the site, which
should be otherwise prohibited).

References:
[1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=605603
[2] http://codex.wordpress.org/Version_3.0.2

Upstream changeset:
[3] http://core.trac.wordpress.org/changeset/16625

Note: You may want to use w3m browser, when trying to access [2],
      and [3], as we are having troubles / timeouts, when accessing
      it via firefox / konqueror. Will post a copy of upstream patch
      here.

In , Jan (jan-redhat-bugs) wrote :

This issue affects the version of the wordpress package, as shipped
with Fedora release of 13 and 14.

Please fix.

--

This issue affects the version of the wordpress package, as present
within EPEL-5 repository.

Please schedule an update.

In , Jan (jan-redhat-bugs) wrote :

Created attachment 464225
Promised local copy of upstream changeset

In , Jan (jan-redhat-bugs) wrote :
In , Jan (jan-redhat-bugs) wrote :

Created wordpress tracking bugs for this issue

Affects: fedora-all [bug 659319]

In , Jan (jan-redhat-bugs) wrote :

The CVE identifier of CVE-2010-4257 has been assigned to this issue.

visibility: private → public
tags: added: patch
Changed in wordpress (Ubuntu):
status: New → Confirmed
Artur Rona (ari-tczew) wrote :

wordpress (3.0.2-1ubuntu1) natty; urgency=low

  * Merge from debian unstable. Remaining changes:
    - debian/apache.conf:
      + Changed to use /var/www instead of /srv/www for virtual webroot.
    - debian/setup-mysql:
      + Changed to use /var/www instead of /srv/www.
 -- Artur Rona <email address hidden> Sat, 11 Dec 2010 14:57:22 +0100

Changed in wordpress (Ubuntu Natty):
status: Confirmed → Fix Released
Artur Rona (ari-tczew) wrote :

Thank you for your time and efforts making Ubuntu better! However, there are some issues:

1) Please grab source from maverick-updates and lucid-updates and then patch adjusting d/changelogs properly

2) Remove ":" at the end of filename from lines 5 in d/changelogs

3) Rename 011CVE2010-4257.patch to CVE-2010-4257.patch

4) Use short URL for DEP3 tag:
Bug-Redhat: https://bugzilla.redhat.com/659265

5) Remove hashes ## from DEP3 tags. It's necessary only for dpatch.

Mahyuddin Susanto (udienz) wrote :
Mahyuddin Susanto (udienz) wrote :
Jamie Strandboge (jdstrand) wrote :

ACK for lucid and maverick

Changed in wordpress (Ubuntu Lucid):
status: New → Confirmed
Changed in wordpress (Ubuntu Maverick):
status: New → Confirmed
Changed in wordpress (Ubuntu Lucid):
status: Confirmed → Fix Committed
Changed in wordpress (Ubuntu Maverick):
status: Confirmed → Fix Committed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wordpress - 3.0.1-1ubuntu1.2

---------------
wordpress (3.0.1-1ubuntu1.2) maverick-security; urgency=low

  * SECURITY UPDATE: SQL Injection vulnerability in the trackback
    functions. (LP: #716641)
    - debian/patches/CVE-2010-4257.patch
    - CVE-2010-4257
    - http://wordpress.org/news/2010/11/wordpress-3-0-2/
 -- Mahyuddin Susanto <email address hidden> Sun, 13 Feb 2011 21:51:55 +0700

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package wordpress - 2.9.2-1ubuntu1.2

---------------
wordpress (2.9.2-1ubuntu1.2) lucid-security; urgency=low

  * SECURITY UPDATE: SQL Injection vulnerability in the trackback
    functions. (LP: #716641)
    - debian/patches/CVE-2010-4257.patch
    - CVE-2010-4257
    - http://wordpress.org/news/2010/11/wordpress-3-0-2/
 -- Mahyuddin Susanto <email address hidden> Sun, 13 Feb 2011 21:53:51 +0700

Changed in wordpress (Ubuntu Lucid):
status: Fix Committed → Fix Released
Changed in wordpress (Ubuntu Maverick):
status: Fix Committed → Fix Released
Changed in wordpress (Debian):
status: Unknown → Fix Released
Changed in wordpress (Fedora):
importance: Unknown → Medium
status: Unknown → Fix Released
This report contains Public Security information  
Everyone can see this security related information.