Hi,

2008/11/7 Thijs Kinkhorst <[EMAIL PROTECTED]>:
> Hi,
>
> I don't think this is a grave security issue. It is only a DoS for one client
> application, which requires another vulnerability to be present, can be

It is not just about the DoS (because, as I demonstrated, there are other possible attacks). The whole point is that wordpress' (ab)use of $_REQUEST is leading to more and more possible attacks (as I also demonstrated by showing how etch's version is less bad than lenny's).

> easily resolved by deleting the relevant cookies, and does no other harm. As

Yes, but it only applies to some cases. The user deletion attack can only be noticed a) if you are paranoid and check the cookies before you log in, or b) when you wonder why wordpress says it deleted some users without even asking you, when all you did was take a look at the users administration page!

> there are many ways to DoS (web)applications and the impact is small I
> suggest to downgrade the severity to normal.

I do really believe it deserves to be considered as critical; although if you (or anyone else from the team) really insist, I would not accept anything below important.

Think about web hosting services where they share the same domain but use a different subdomain: it is possible for one site to inject cookies that will affect the others. There are many other possible attacks via cookies; I only reported the first ones I found via a quick grep on the source code.

> It would be good to fix the bug of course.

bug*s*, and make sure upstream gets the "please stop using $_REQUEST!" message.

> Thijs

Cheers,
-- 
Raphael Geissert - Debian Maintainer
www.debian.org - get.debian.net

Bill Vaughan - "The tax collector must love poor people, he's creating so many of them."
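The mechanism the thread is arguing about, as an added illustration that is not part of the Debian bug discussion or of WordPress itself: PHP builds $_REQUEST by merging $_GET, $_POST and $_COOKIE in the order given by request_order (or, when that is unset, variables_order, whose compiled-in default "EGPCS" merges cookies last, so a cookie overrides a same-named GET or POST value). A handler that reads an action from $_REQUEST therefore cannot tell a form submission from a cookie that some other host on the shared domain was able to set. The handler names, parameter names and the request below are constructed for the example.

```php
<?php
// Added example (not from the thread or from WordPress). Models PHP's
// $_REQUEST merge and contrasts a handler that reads $_REQUEST with one
// that reads only $_POST for a state-changing action.

/**
 * Merge GET, POST and COOKIE the way PHP fills $_REQUEST: each source in
 * $order overwrites the values merged before it. 'GPC' mirrors the
 * compiled-in default, where cookies win over same-named GET/POST keys.
 */
function build_request(array $get, array $post, array $cookie, string $order = 'GPC'): array
{
    $merged = [];
    foreach (str_split($order) as $src) {
        switch ($src) {
            case 'G': $merged = array_merge($merged, $get);    break;
            case 'P': $merged = array_merge($merged, $post);   break;
            case 'C': $merged = array_merge($merged, $cookie); break;
        }
    }
    return $merged;
}

// Vulnerable pattern: the action is accepted from whichever source
// supplied it, so a cookie can stand in for a submitted form.
function handle_vulnerable(array $request): string
{
    if (($request['action'] ?? '') === 'delete') {
        return 'would delete users: ' . ($request['users'] ?? '');
    }
    return 'no action';
}

// Hardened pattern: a destructive action is only honoured when it
// arrives in the POST body, which a cookie cannot populate.
function handle_hardened(array $post): string
{
    if (($post['action'] ?? '') === 'delete') {
        return 'would delete users: ' . ($post['users'] ?? '');
    }
    return 'no action';
}

// Constructed request: the administrator merely loads the users page
// (plain GET, empty POST body), but the browser also sends cookies that
// were set for the shared parent domain by another site.
$get    = ['page' => 'users'];
$post   = [];
$cookie = ['action' => 'delete', 'users' => '2,3'];

$request = build_request($get, $post, $cookie);

echo handle_vulnerable($request), "\n";   // would delete users: 2,3
echo handle_hardened($post), "\n";        // no action
```

Run it with `php` on the command line. The second call shows the fix the reporter asks upstream for: read state-changing parameters from $_POST (and, for a real application, tie them to a per-request token), never from $_REQUEST. Note that php.ini-production since PHP 5.3 sets request_order = "GP", which keeps cookies out of $_REQUEST, but an application cannot rely on every deployment having that setting, and an installation that does not set request_order at all falls back to variables_order and still merges cookies.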