Ticket #3781 (closed defect: fixed)

Opened 2 years ago

Last modified 2 years ago

Vulnerability in nonce AYS

Reported by: PsychoGun Assigned to: anonymous
Priority: highest omg bbq Milestone: 2.0.9
Component: Security Version: 2.0.7
Severity: blocker Keywords:
Cc:

Description

Hi,

I found a vulnerability in wordpress, i made an exploit and i transmitted everything to these security websites: mil0rwm, securityfocus, secunia ect E-mail me if you want more specifications.

Change History

02/12/07 16:18:27 changed by foolswisdom

  • milestone changed from 2.3 to 2.1.1.

02/12/07 16:22:48 changed by foolswisdom

Please email the details to security@wordpress.com .

02/12/07 16:23:33 changed by foolswisdom

LOL, that should be secuirty@wordpress.ORG .

02/12/07 16:24:35 changed by foolswisdom

Alright, I give up, going back to bed: security@wordpress.org

02/13/07 12:24:22 changed by Viper007Bond

  • component changed from Administration to Security.

02/14/07 07:33:50 changed by Nazgul

  • status changed from new to closed.
  • resolution set to fixed.

Fixed in [4876]

02/16/07 00:38:52 changed by ryan

  • version set to 2.0.7.
  • milestone changed from 2.1.1 to 2.0.9.

02/16/07 01:04:04 changed by foolswisdom

  • severity changed from normal to blocker.

Fixed on all branches
2.0.9 [4877]
2.1.1 [4876]
trunk [4875]

02/19/07 04:47:19 changed by ryan

  • summary changed from Vulnerability in wordpress to Vulnerability in nonce AYS.

02/21/07 17:21:55 changed by ryan

http://www.securityfocus.com/bid/22534 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1049

02/21/07 17:22:10 changed by ryan

Fixed for both 2.0.9 and 2.1.1.