Debian DSA-3375-1 : wordpress - security update

2015-10-20T00:00:00
ID DEBIAN_DSA-3375.NASL
Type nessus
Reporter Tenable
Modified 2018-11-10T00:00:00

Description

Several vulnerabilities have been fixed in Wordpress, the popular blogging engine.

  • CVE-2015-5714 A cross-site scripting vulnerability when processing shortcode tags has been discovered.

The issue has been fixed by not allowing unclosed HTML elements in attributes.

  • CVE-2015-5715 A vulnerability has been discovered, allowing users without proper permissions to publish private posts and make them sticky.

The issue has been fixed in the XMLRPC code of Wordpress by not allowing private posts to be sticky.

  • CVE-2015-7989 A cross-site scripting vulnerability in user list tables has been discovered.

The issue has been fixed by URL-escaping email addresses in those user lists.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3375. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(86448);
  script_version("2.9");
  script_cvs_date("Date: 2018/11/10 11:49:37");

  script_cve_id("CVE-2015-5714", "CVE-2015-5715", "CVE-2015-7989");
  script_xref(name:"DSA", value:"3375");

  script_name(english:"Debian DSA-3375-1 : wordpress - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities have been fixed in Wordpress, the popular
blogging engine.

  - CVE-2015-5714
    A cross-site scripting vulnerability when processing
    shortcode tags has been discovered.

  The issue has been fixed by not allowing unclosed HTML elements in
  attributes.

  - CVE-2015-5715
    A vulnerability has been discovered, allowing users
    without proper permissions to publish private posts and
    make them sticky.

  The issue has been fixed in the XMLRPC code of Wordpress by not
  allowing private posts to be sticky.

  - CVE-2015-7989
    A cross-site scripting vulnerability in user list tables
    has been discovered.

  The issue has been fixed by URL-escaping email addresses in those
  user lists."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=799140"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-5714"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-5715"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-7989"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/wordpress"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2015/dsa-3375"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the wordpress packages.

For the oldstable distribution (wheezy), these problems will be fixed
in later update.

For the stable distribution (jessie), these problems have been fixed
in version 4.1+dfsg-1+deb8u5."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:wordpress");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/10/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/10/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"8.0", prefix:"wordpress", reference:"4.1+dfsg-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"wordpress-l10n", reference:"4.1+dfsg-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"wordpress-theme-twentyfifteen", reference:"4.1+dfsg-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"wordpress-theme-twentyfourteen", reference:"4.1+dfsg-1+deb8u5")) flag++;
if (deb_check(release:"8.0", prefix:"wordpress-theme-twentythirteen", reference:"4.1+dfsg-1+deb8u5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
  else security_warning(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");