
Test ID: 1.3.6.1.4.1.25623.1.0.891151
Category: Debian Local Security Checks
Title: Debian LTS: Security Advisory for wordpress (DLA-1151-2)
Description:
Summary:
The fix for CVE-2017-14990 issued as DLA-1151-1 was incomplete and
caused a regression. It was discovered that an additional database
upgrade and further code changes would be necessary. At the moment
these changes are deemed as too intrusive and thus the initial patch
for CVE-2017-14990 has been removed again. For reference, the original
advisory text follows.

WordPress stores cleartext wp_signups.activation_key values (but
stores the analogous wp_users.user_activation_key values as hashes),
which might make it easier for remote attackers to hijack unactivated
user accounts by leveraging database read access (such as access
gained through an unspecified SQL injection vulnerability).

Affected Software/OS:
wordpress on Debian Linux

Solution:
For Debian 7 'Wheezy', these problems have been fixed in version
3.6.1+dfsg-1~deb7u19.

We recommend that you upgrade your wordpress packages.

CVSS Score:
4.0

CVSS Vector:
AV:N/AC:L/Au:S/C:P/I:N/A:N

Cross-reference: Common Vulnerability Exposure (CVE) ID: CVE-2017-14990
Copyright: Copyright (C) 2018 Greenbone Networks GmbH http://greenbone.net
