Message-ID: <030a01ceee04$a394a230$9b7a6fd5@pc>
Date: Sat, 30 Nov 2013 21:44:01 +0200
From: "MustLive" <mustlive@...security.com.ua>
To: <submissions@...ketstormsecurity.org>, <full-disclosure@...ts.grok.org.uk>
Subject: Vulnerabilities hiddenly fixed in WordPress 3.6 and 3.6.1

Hello list!

In July I wrote about one vulnerability in WordPress, which was hiddenly
fixed in version 3.5.2 (http://securityvulns.ru/docs29555.html). Here are
new ones.

These are hiddenly fixed vulnerabilities in such versions of WordPress as
3.6 and 3.6.1. Developers of WP intentionally haven't written about them to
decrease the official number of fixed holes. Which is typical for them - since
2007 they often hide fixed vulnerabilities.

As I wrote in September (http://websecurity.com.ua/6795/), there are 9 FPD
vulnerabilities, which were hiddenly fixed in WP 3.6. They were not
mentioned in the announcement, only mentioned in the Codex (as "bugs"). There
were even cases when WP developers wrote about fixed FPD in official
announcements.

Full path disclosure (WASC-13):

In Media Library if an attachment parent does not exist.
In function parent_dropdown().
In function wp_new_comment().
In function mb_internal_encoding().
At processing of image metadata.
In function get_post_type_archive_feed_link().
In function WP_Image_Editor::multi_resize().
In function wp_generate_attachment_metadata().
At deleting or restoring an item that no longer exists.

Vulnerable are WordPress 3.5.2 and previous versions.

As I wrote in November (http://websecurity.com.ua/6904/), there are 3 FPD
vulnerabilities, which were hiddenly fixed in WP 3.6.1. They were not
mentioned in the announcement or the Codex. There were even cases when WP
developers wrote about fixed FPD in official announcements.

Full path disclosure (WASC-13):

In function get_allowed_mime_types().
In function set_url_scheme().
In function comment_form().

Vulnerable are WordPress 3.6 and previous versions.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua