Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200606-08] WordPress: Arbitrary command execution Vulnerability Scan
Vulnerability Scan Summary
WordPress: Arbitrary command execution
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200606-08
(WordPress: Arbitrary command execution)
rgod discovered that WordPress insufficiently checks the format of
cached username data.
A possible hacker could exploit this vulnerability to execute arbitrary
commands by sending a specially crafted username. As of Wordpress 2.0.2
the user data cache is disabled by default.
There are no known workarounds at this time.
All WordPress users should upgrade to the latest available version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/wordpress-2.0.3"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.