Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
nessusThis script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.DEBIAN_DSA-3085.NASL
HistoryDec 04, 2014 - 12:00 a.m.

Debian DSA-3085-1 : wordpress - security update

2014-12-0400:00:00
This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.
www.tenable.com
21
JSON

Multiple security issues have been discovered in Wordpress, a web blogging tool, resulting in denial of service or information disclosure. More information can be found in the upstream advisory at

  • CVE-2014-9031 Jouko Pynnonen discovered an unauthenticated cross site scripting vulnerability (XSS) in wptexturize(), exploitable via comments or posts.

  • CVE-2014-9033 Cross site request forgery (CSRF) vulnerability in the password changing process, which could be used by an attacker to trick an user into changing her password.

  • CVE-2014-9034 Javier Nieto Arevalo and Andres Rojas Guerrero reported a potential denial of service in the way the phpass library is used to handle passwords, since no maximum password length was set.

  • CVE-2014-9035 John Blackbourn reported an XSS in the ‘Press This’ function (used for quick publishing using a browser ‘bookmarklet’).

  • CVE-2014-9036 Robert Chapin reported an XSS in the HTML filtering of CSS in posts.

  • CVE-2014-9037 David Anderson reported a hash comparison vulnerability for passwords stored using the old-style MD5 scheme.
    While unlikely, this could be exploited to compromise an account, if the user had not logged in after a Wordpress 2.5 update (uploaded to Debian on 2 Apr, 2008) and the password MD5 hash could be collided with due to PHP dynamic comparison.

  • CVE-2014-9038 Ben Bidner reported a server side request forgery (SSRF) in the core HTTP layer which unsufficiently blocked the loopback IP address space.

  • CVE-2014-9039 Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a vulnerability in the password reset process: an email address change would not invalidate a previous password reset email.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3085. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(79696);
  script_version("1.7");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2014-9031", "CVE-2014-9033", "CVE-2014-9034", "CVE-2014-9035", "CVE-2014-9036", "CVE-2014-9037", "CVE-2014-9038", "CVE-2014-9039");
  script_bugtraq_id(71231, 71232, 71233, 71234, 71236, 71237, 71238);
  script_xref(name:"DSA", value:"3085");

  script_name(english:"Debian DSA-3085-1 : wordpress - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Multiple security issues have been discovered in Wordpress, a web
blogging tool, resulting in denial of service or information
disclosure. More information can be found in the upstream advisory at

  - CVE-2014-9031
    Jouko Pynnonen discovered an unauthenticated cross site
    scripting vulnerability (XSS) in wptexturize(),
    exploitable via comments or posts.

  - CVE-2014-9033
    Cross site request forgery (CSRF) vulnerability in the
    password changing process, which could be used by an
    attacker to trick an user into changing her password.

  - CVE-2014-9034
    Javier Nieto Arevalo and Andres Rojas Guerrero reported
    a potential denial of service in the way the phpass
    library is used to handle passwords, since no maximum
    password length was set.

  - CVE-2014-9035
    John Blackbourn reported an XSS in the 'Press This'
    function (used for quick publishing using a browser
    'bookmarklet').

  - CVE-2014-9036
    Robert Chapin reported an XSS in the HTML filtering of
    CSS in posts.

  - CVE-2014-9037
    David Anderson reported a hash comparison vulnerability
    for passwords stored using the old-style MD5 scheme.
    While unlikely, this could be exploited to compromise an
    account, if the user had not logged in after a Wordpress
    2.5 update (uploaded to Debian on 2 Apr, 2008) and the
    password MD5 hash could be collided with due to PHP
    dynamic comparison.

  - CVE-2014-9038
    Ben Bidner reported a server side request forgery (SSRF)
    in the core HTTP layer which unsufficiently blocked the
    loopback IP address space.

  - CVE-2014-9039
    Momen Bassel, Tanoy Bose, and Bojan Slavkovic reported a
    vulnerability in the password reset process: an email
    address change would not invalidate a previous password
    reset email."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=770425"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-9031"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-9033"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-9034"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-9035"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-9036"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-9037"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-9038"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2014-9039"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/wordpress"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2014/dsa-3085"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the wordpress packages.

For the stable distribution (wheezy), these problems have been fixed
in version 3.6.1+dfsg-1~deb7u5.

For the upcoming stable distribution (jessie), these problems have
been fixed in version 4.0.1+dfsg-1."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wordpress");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2014/12/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/12/04");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"wordpress", reference:"3.6.1+dfsg-1~deb7u5")) flag++;
if (deb_check(release:"7.0", prefix:"wordpress-l10n", reference:"3.6.1+dfsg-1~deb7u5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
VendorProductVersionCPE
debiandebian_linuxwordpressp-cpe:/a:debian:debian_linux:wordpress
debiandebian_linux7.0cpe:/o:debian:debian_linux:7.0

References

Related

openvas 8
osv 2
debian 2
securityvulns 3
nessus 8
mageia 1
fedora 3
freebsd 1
debiancve 8
ubuntucve 8
prion 8
patchstack 8
wpvulndb 4
cve 8
veracode 2
zdt 1
wpexploit 1
packetstorm 2
exploitpack 1
metasploit 1
exploitdb 1
openvas
openvas
Debian Security Advisory DSA 3085-1 (wordpress - security update)
2014-12-03 00:00:00
Debian: Security Advisory (DSA-3085-1)
2014-12-02 00:00:00
Fedora Update for wordpress FEDORA-2014-15560
2015-01-05 00:00:00
osv
osv
wordpress - security update
2014-12-03 00:00:00
wordpress - security update
2015-06-01 00:00:00
debian
debian
[SECURITY] [DSA 3085-1] wordpress security update
2014-12-03 08:38:56
[SECURITY] [DLA 236-1] wordpress security update
2015-06-01 12:11:28
securityvulns
securityvulns
[ MDVSA-2014:233 ] wordpress
2014-12-01 00:00:00
WordPress <=4.0 Denial of Service Exploit (CVE-2014-9034)
2014-12-01 00:00:00
Web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
2014-12-01 00:00:00
nessus
nessus
Mandriva Linux Security Advisory : wordpress (MDVSA-2014:233)
2014-11-28 00:00:00
Fedora 20 : wordpress-4.0.1-1.fc20 (2014-15507)
2014-12-03 00:00:00
Fedora 19 : wordpress-4.0.1-1.fc19 (2014-15526)
2014-12-03 00:00:00
mageia
mageia
Updated wordpress package fixes security vulnerabilities
2014-11-26 20:29:06
fedora
fedora
[SECURITY] Fedora 21 Update: wordpress-4.0.1-1.fc21
2014-12-06 10:12:34
[SECURITY] Fedora 20 Update: wordpress-4.0.1-1.fc20
2014-12-03 01:03:45
[SECURITY] Fedora 19 Update: wordpress-4.0.1-1.fc19
2014-12-03 01:05:40
freebsd
freebsd
wordpress -- multiple vulnerabilities
2014-11-25 00:00:00
debiancve
debiancve
CVE-2014-9036
2014-11-25 23:59:00
CVE-2014-9037
2014-11-25 23:59:00
CVE-2014-9035
2014-11-25 23:59:00
ubuntucve
ubuntucve
CVE-2014-9033
2014-11-25 00:00:00
CVE-2014-9037
2014-11-25 00:00:00
CVE-2014-9031
2014-11-25 00:00:00
prion
prion
Cross site scripting
2014-11-25 23:59:00
Cross site scripting
2014-11-25 23:59:00
Design/Logic Flaw
2014-11-25 23:59:00
patchstack
patchstack
WordPress <= 4.0.0 - CSRF
2014-11-20 00:00:00
WordPress <=4.0.1 - Denial of Service Attacks
2014-12-01 00:00:00
WordPress <= 4.0.0 - Multiple Vulnerabilities #2
2014-11-20 00:00:00
wpvulndb
wpvulndb
WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
2014-11-20 19:52:43
WordPress <= 4.0 - Long Password Denial of Service (DoS)
2014-11-20 20:02:12
WordPress <= 4.0 - CSRF in wp-login.php Password Reset
2014-11-25 22:57:27
cve
cve
CVE-2014-9031
2014-11-25 23:59:00
CVE-2014-9033
2014-11-25 23:59:00
CVE-2014-9036
2014-11-25 23:59:00
veracode
veracode
Denial Of Service(DoS) Via CPU Consumption
2017-08-10 08:10:58
Cross-Site Scripting (XSS)
2017-08-08 08:32:31
zdt
zdt
WordPress 4.0 Denial Of Service Exploit
2014-12-01 00:00:00
wpexploit
wpexploit
WordPress 3.0-3.9.2 - Unauthenticated Stored Cross-Site Scripting (XSS)
2014-11-20 19:52:43
packetstorm
packetstorm
WordPress 4.0 Denial Of Service
2014-11-29 00:00:00
Drupal / WordPress Memory Exhaustion
2014-12-01 00:00:00
exploitpack
exploitpack
WordPress 4.0 - Denial of Service
2014-12-01 00:00:00
metasploit
metasploit
WordPress Long Password DoS
2015-01-04 18:50:23
exploitdb
exploitdb
WordPress Core 4.0 - Denial of Service
2014-12-01 00:00:00
JSON
Related for DEBIAN_DSA-3085.NASL
openvas8osv2debian2securityvulns3nessus8mageia1fedora3freebsd1debiancve8ubuntucve8prion8patchstack8wpvulndb4cve8veracode2zdt1wpexploit1packetstorm2exploitpack1metasploit1exploitdb1