1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200606-08 / wordpress |
| Release Date | June 09, 2006 |
| Latest Revision | June 10, 2006: 02 |
| Impact | high |
| Exploitable | remote |

| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
|---|---|---|---|
| www-apps/wordpress | < 2.0.3 | >= 2.0.3 | All supported architectures |
Related bugreports: #134397
WordPress fails to sufficiently check the format of cached username data.
WordPress is a PHP and MySQL based content management and publishing system.
rgod discovered that WordPress insufficiently checks the format of cached username data.
An attacker could exploit this vulnerability to execute arbitrary commands by sending a specially crafted username. As of WordPress 2.0.2 the user data cache is disabled by default.
There are no known workarounds at this time.
All WordPress users should upgrade to the latest available version:
Code Listing 3.1: Resolution
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.3"