Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2008-4106

Overview

Vulnerability Score 5.1 5.1
CVE Id CVE-2008-4106
Last Modified 07 Mar 2011 10:11:57
Published 18 Sep 2008 01:59:33
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity HIGH
Authentication NONE

CVE-2008-4106

Summary

WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability." NOTE: the attacker can discover the random password by also exploiting CVE-2008-4107.

Vulnerable Systems

Application

  • Wordpress 0.71-gold

  • Wordpress 1.0-platinum

  • Wordpress 1.0.1-miles

  • Wordpress 1.0.2-blakey

  • Wordpress 1.2-delta

  • Wordpress 1.2-mingus

  • Wordpress 1.2.1

  • Wordpress 1.2.2

  • Wordpress 1.5-strayhorn

  • Wordpress 1.5.1.1

  • Wordpress 1.5.1.2

  • Wordpress 1.5.1.3

  • Wordpress 1.5.2

  • Wordpress 2.0

  • Wordpress 2.0.1

  • Wordpress 2.0.10

  • Wordpress 2.0.11

  • Wordpress 2.0.4

  • Wordpress 2.0.5

  • Wordpress 2.0.6

  • Wordpress 2.0.7

  • Wordpress 2.0.9

  • Wordpress 2.1

  • Wordpress 2.1.1

  • Wordpress 2.1.2

  • Wordpress 2.1.3

  • Wordpress 2.2

  • Wordpress 2.2.1

  • Wordpress 2.2.2

  • Wordpress 2.2.3

  • Wordpress 2.5

  • Wordpress 2.5.1

  • Wordpress 2.6

  • Wordpress 2.6.1


References

CONFIRM - http://wordpress.org/development/2008/09/wordpress-262/

FEDORA - FEDORA-2008-7902

FEDORA - FEDORA-2008-7760

VUPEN - ADV-2008-2553

MISC - http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/

MISC - http://www.sektioneins.de/advisories/SE-2008-05.txt

BID - 31068

BUGTRAQ - 20080911 Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability

MLIST - [oss-security] 20080911 CVE request: wordpress < 2.6.2

MILW0RM - 6421

MILW0RM - 6397

DEBIAN - DSA-1871

SECTRACK - 1020869

SREASON - 4272

SECUNIA - 31870

SECUNIA - 31737

MLIST - [oss-security] 20080916 Re: CVE request: wordpress < 2.6.2


Last Updated: 27 May 2016 10:48:23