Discover Government News

Arch Linux Security Advisory ASA-201701-22
=========================================
Severity: High
Date    : 2017-01-15
CVE-ID  : CVE-2016-10033 CVE-2016-10045 CVE-2017-5487 CVE-2017-5488
          CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492
          CVE-2017-5493
Package : wordpress
Type    : multiple issues
Remote  : Yes
Link    : https://security.archlinux.org/AVG-142

Summary
======
The package wordpress before version 4.7.1-1 is vulnerable to multiple
issues including arbitrary code execution, cross-site scripting, access
restriction bypass, cross-site request forgery and insufficient
validation.

Resolution
=========
Upgrade to 4.7.1-1.

# pacman -Syu "wordpress>=4.7.1-1"

The problems have been fixed upstream in version 4.7.1.

Workaround
=========
None.

Description
==========
- CVE-2016-10033 (arbitrary code execution)

A vulnerability has been discovered in PHPMailer that could potentially
be used by unauthenticated remote attackers to achieve remote arbitrary
code execution in the context of the web server user and remotely
compromise the target web application. This issue can be triggered by
passing a maliciously crafted expression to the vulnerable application.

- CVE-2016-10045 (arbitrary code execution)

It has been discovered that the first patch of the vulnerability
CVE-2016-10033 in PHPMailer was incomplete and could potentially still
be used by unauthenticated remote attackers to achieve remote arbitrary
code execution in the context of the web server user and remotely
compromise the target web application. This issue can be triggered by
passing a maliciously crafted expression to the vulnerable application.

- CVE-2017-5487 (access restriction bypass)

A vulnerability has been discovered in wordpress exposing user data for
all users who had authored a post of a public post type via the REST
API. wordpress 4.7.1 limits this to only post types which have
specified that they should be shown within the REST API.

- CVE-2017-5488 (cross-site scripting)

A cross-site scripting (XSS) vulnerability has been discovered in
wordpress via the plugin name or version header on update-core.php.

- CVE-2017-5489 (cross-site request forgery)

A cross-site request forgery (CSRF) bypass has been discovered in
wordpress via uploading a Flash file.

- CVE-2017-5490 (cross-site scripting)

A cross-site scripting (XSS) vulnerability has been discovered in
wordpress via theme name fallback.

- CVE-2017-5491 (access restriction bypass)

A vulnerability has been discovered in wordpress allowing to post via
email as it checks for mail. if default settings aren't
changed.

- CVE-2017-5492 (cross-site request forgery)

A cross-site request forgery (CSRF) vulnerability has been discovered
in wordpress in the accessibility mode of widget editing.

- CVE-2017-5493 (insufficient validation)

An insufficient validation vulnerability has been discovered in
wordpress leading to weak cryptographic security for multisite
activation key.

Impact
=====
A remote attacker is able to perform a cross-site scripting or cross-site request forgery attack or possibly execute arbitrary code on the
affected host.

References
=========
https://bugs.archlinux.org/task/52555
https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/
https://seclists.org/oss-sec/2017/q1/95
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html
https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html
https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60
https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2
https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359
https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a
https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733
https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4
https://security.archlinux.org/CVE-2016-10033
https://security.archlinux.org/CVE-2016-10045
https://security.archlinux.org/CVE-2017-5487
https://security.archlinux.org/CVE-2017-5488
https://security.archlinux.org/CVE-2017-5489
https://security.archlinux.org/CVE-2017-5490
https://security.archlinux.org/CVE-2017-5491
https://security.archlinux.org/CVE-2017-5492
https://security.archlinux.org/CVE-2017-5493

ArchLinux: 201701-22: wordpress: multiple issues

January 15, 2017

Summary

- CVE-2016-10033 (arbitrary code execution) A vulnerability has been discovered in PHPMailer that could potentially be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. This issue can be triggered by passing a maliciously crafted expression to the vulnerable application.
- CVE-2016-10045 (arbitrary code execution)
It has been discovered that the first patch of the vulnerability CVE-2016-10033 in PHPMailer was incomplete and could potentially still be used by unauthenticated remote attackers to achieve remote arbitrary code execution in the context of the web server user and remotely compromise the target web application. This issue can be triggered by passing a maliciously crafted expression to the vulnerable application.
- CVE-2017-5487 (access restriction bypass)
A vulnerability has been discovered in wordpress exposing user data for all users who had authored a post of a public post type via the REST API. wordpress 4.7.1 limits this to only post types which have specified that they should be shown within the REST API.
- CVE-2017-5488 (cross-site scripting)
A cross-site scripting (XSS) vulnerability has been discovered in wordpress via the plugin name or version header on update-core.php.
- CVE-2017-5489 (cross-site request forgery)
A cross-site request forgery (CSRF) bypass has been discovered in wordpress via uploading a Flash file.
- CVE-2017-5490 (cross-site scripting)
A cross-site scripting (XSS) vulnerability has been discovered in wordpress via theme name fallback.
- CVE-2017-5491 (access restriction bypass)
A vulnerability has been discovered in wordpress allowing to post via email as it checks for mail. if default settings aren't changed.
- CVE-2017-5492 (cross-site request forgery)
A cross-site request forgery (CSRF) vulnerability has been discovered in wordpress in the accessibility mode of widget editing.
- CVE-2017-5493 (insufficient validation)
An insufficient validation vulnerability has been discovered in wordpress leading to weak cryptographic security for multisite activation key.

Resolution

Upgrade to 4.7.1-1. # pacman -Syu "wordpress>=4.7.1-1"
The problems have been fixed upstream in version 4.7.1.

References

https://bugs.archlinux.org/task/52555 https://wordpress.org/news/2017/01/wordpress-4-7-1-security-and-maintenance-release/ https://seclists.org/oss-sec/2017/q1/95 https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10033-Vuln.html https://legalhackers.com/advisories/PHPMailer-Exploit-Remote-Code-Exec-CVE-2016-10045-Vuln-Patch-Bypass.html https://github.com/WordPress/WordPress/commit/daf358983cc1ce0c77bf6d2de2ebbb43df2add60 https://github.com/WordPress/WordPress/commit/c9ea1de1441bb3bda133bf72d513ca9de66566c2 https://github.com/WordPress/WordPress/commit/ce7fb2934dd111e6353784852de8aea2a938b359 https://github.com/WordPress/WordPress/commit/061e8788814ac87706d8b95688df276fe3c8596a https://github.com/WordPress/WordPress/commit/03e5c0314aeffe6b27f4b98fef842bf0fb00c733 https://github.com/WordPress/WordPress/commit/cea9e2dc62abf777e06b12ec4ad9d1aaa49b29f4 https://security.archlinux.org/CVE-2016-10033 https://security.archlinux.org/CVE-2016-10045 https://security.archlinux.org/CVE-2017-5487 https://security.archlinux.org/CVE-2017-5488 https://security.archlinux.org/CVE-2017-5489 https://security.archlinux.org/CVE-2017-5490 https://security.archlinux.org/CVE-2017-5491 https://security.archlinux.org/CVE-2017-5492 https://security.archlinux.org/CVE-2017-5493

Severity
CVE-2017-5489 CVE-2017-5490 CVE-2017-5491 CVE-2017-5492
CVE-2017-5493
Package : wordpress
Type : multiple issues
Remote : Yes
Link : https://security.archlinux.org/AVG-142

Workaround

None.

Related News