WordPress: Arbitrary command execution — GLSA 200606-08

WordPress fails to sufficiently check the format of cached username data.

Affected Packages

www-apps/wordpress on all architectures
Affected versions < 2.0.3
Unaffected versions >= 2.0.3

Background

WordPress is a PHP and MySQL based content management and publishing system.

Description

rgod discovered that WordPress insufficiently checks the format of cached username data.

Impact

An attacker could exploit this vulnerability to execute arbitrary commands by sending a specially crafted username. As of Wordpress 2.0.2 the user data cache is disabled by default.

Workaround

There are no known workarounds at this time.

Resolution

All WordPress users should upgrade to the latest available version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.3"

References

Release Date
June 09, 2006

Latest Revision
June 10, 2006: 02

Severity
high

Exploitable
remote

Bugzilla entries