WordPress Lost Password SQL Column Truncation Unauthorized Access Vulnerability

Bugtraq ID:	31068
Class:	Design Error
CVE:	CVE-2008-4106
Remote:	Yes
Local:	No
Published:	Sep 08 2008 12:00AM
Updated:	Apr 13 2015 10:16PM
Credit:	Stefan Esser, irk4z
Vulnerable:	WordPress WordPress 2.6.1 Debian Linux 5.0 sparc Debian Linux 5.0 s/390 Debian Linux 5.0 powerpc Debian Linux 5.0 mipsel Debian Linux 5.0 mips Debian Linux 5.0 m68k Debian Linux 5.0 ia-64 Debian Linux 5.0 ia-32 Debian Linux 5.0 hppa Debian Linux 5.0 armel Debian Linux 5.0 arm Debian Linux 5.0 amd64 Debian Linux 5.0 alpha Debian Linux 5.0 Debian Linux 4.0 sparc Debian Linux 4.0 s/390 Debian Linux 4.0 powerpc Debian Linux 4.0 mipsel Debian Linux 4.0 mips Debian Linux 4.0 m68k Debian Linux 4.0 ia-64 Debian Linux 4.0 ia-32 Debian Linux 4.0 hppa Debian Linux 4.0 armel Debian Linux 4.0 arm Debian Linux 4.0 amd64 Debian Linux 4.0 alpha Debian Linux 4.0
Not Vulnerable:	WordPress WordPress 2.6.2

WordPress Lost Password SQL Column Truncation Unauthorized Access Vulnerability

WordPress is prone to an unauthorized-access vulnerability.

Successfully exploiting this issue will allow attackers to reset the password of arbitrary accounts.

WordPress 2.6.1 is vulnerable; other versions may also be affected.

WordPress Lost Password SQL Column Truncation Unauthorized Access Vulnerability

Attackers may exploit this issue through a browser.

WordPress Lost Password SQL Column Truncation Unauthorized Access Vulnerability

Solution:
The vendor has addressed this issue in WordPress 2.6.2. Contact the vendor for more information.


Debian Linux 4.0 amd64

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 4.0 ia-32

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 4.0 arm

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 5.0 hppa

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

Debian Linux 5.0 ia-64

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

Debian Linux 4.0 hppa

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 4.0 sparc

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 4.0 s/390

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 5.0 m68k

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

Debian Linux 5.0 arm

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

Debian Linux 4.0 powerpc

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 4.0 alpha

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 4.0 armel

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 5.0 armel

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

Debian Linux 4.0 m68k

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 5.0

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

Debian Linux 4.0

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 4.0 mipsel

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 5.0 amd64

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

Debian Linux 5.0 alpha

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

Debian Linux 5.0 ia-32

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

Debian Linux 5.0 mips

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

Debian Linux 5.0 s/390

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

Debian Linux 5.0 mipsel

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

Debian Linux 5.0 powerpc

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

Debian Linux 4.0 ia-64

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 4.0 mips

• Debian wordpress_2.0.10-1etch4_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.0 .10-1etch4_all.deb

Debian Linux 5.0 sparc

• Debian wordpress_2.5.1-11+lenny1_all.deb
  http://security.debian.org/pool/updates/main/w/wordpress/wordpress_2.5 .1-11+lenny1_all.deb

WordPress Lost Password SQL Column Truncation Unauthorized Access Vulnerability

References:

• MySQL and SQL Column Truncation Vulnerabilities (Stefan Esser)
  
• WordPress 2.6.2 (Wordpress)
  
• Wordpress church_admin Plugin "id" Cross-Site Scripting Vulnerability (Sammy Forgit)
  
• Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability (Stefan Esser )
  
• Wordpress user_login Column SQL Truncation Vulnerability (Stefan Esser)