SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Forum/Board/Portal)  >   WordPress Vendors:   wordpress.org
WordPress Bug in 'class-phpass.php' Lets Remote Users Deny Service
SecurityTracker Alert ID:  1028658
SecurityTracker URL:  http://securitytracker.com/id/1028658
CVE Reference:   CVE-2013-2173   (Links to External Site)
Updated:  Jun 25 2013
Original Entry Date:  Jun 11 2013
Impact:   Denial of service via network
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 3.5.1
Description:   A vulnerability was reported in WordPress. A remote user can cause denial of service conditions.

A remote user can with knowledge of a password-protected post can supply a specially crafted cookie value to consume excessive CPU resources on the target system.

The vulnerability resides in '/wp-includes/class-phpass.php'.

The vendor was notified on May 31, 2013 without response.

The original advisory is available at:

https://vndh.net/note:wordpress-351-denial-service

Krzysztof Katowicz-Kowalewski reported this vulnerability.

Impact:   A remote user can cause excessive CPU consumption on the target system.
Solution:   The vendor has issued a fix (3.5.2).

The vendor's advisory is available at:

http://wordpress.org/news/2013/06/wordpress-3-5-2/

Vendor URL:  wordpress.org/news/2013/06/wordpress-3-5-2/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  WordPress 3.5.1, Denial of Service

--Apple-Mail=_B3B19972-2CCC-459B-B083-2372157C5D86
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain;
	charset=us-ascii

Version 3.5.1 (latest) of popular blogging engine WordPress suffers from =
remote denial of service vulnerability. The bug exists in encryption =
module (class-phpass.php). The exploitation of this vulnerability is =
possible only when at least one post is protected by a password.

Time frames:
31.05.2013 WordPress security team has been informed about the =
vulnerability (no response).
07.06.2013 The vulnerability has been released to the public.

More information (including proof of concept):
https://vndh.net/note:wordpress-351-denial-service

A way out (before official WordPress update) to secure existing =
installations is to apply the following patch:

--- wp-includes/class-phpass.php
+++ wp-includes/class-phpass.php
@@ -120,7 +120,7 @@
 			return $output;
=20
 		$count_log2 =3D strpos($this->itoa64, $setting[3]);
-		if ($count_log2 < 7 || $count_log2 > 30)
+		if ($count_log2 < 7 || $count_log2 > 13)
 			return $output;
=20
 		$count =3D 1 << $count_log2;=

--Apple-Mail=_B3B19972-2CCC-459B-B083-2372157C5D86
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment;
	filename=signature.asc
Content-Type: application/pgp-signature;
	name=signature.asc
Content-Description: Message signed with OpenPGP using GPGMail

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.19 (Darwin)

iQIcBAEBCgAGBQJRsgp8AAoJEEJGP6nEM7RcGY8P/iV6Tj9Ll99zb/Sz/JIMB9Hy
+vBHRp5IDLXQP9BzHfcryEQrKhCQW2Z2Elqm5d2pdH239CNTBrPMpHAo7GaNIeb4
8oaVcMOl0YAMJqm1xx/mzQeJ64WH4SyKZStz81K+0hNqN0Vq1pCsJMCHlXiCYDDj
jmS/K78w6sbTf+u1X0sy7DLDYdsUQSW1ZbTp7PHh0P0ONw0VD7drbNlkiJzISnTc
eUe/noQd6gcPQyg9zhuvMrl2NH2f+pWIokPGXuAdVS/AUBRl/TiS7SAWm7PpzbWr
FbSEhwmQ2fpQGGLnFJpvoJVaVGtiTXN/SS9R4viwWWUJMRHNpBBs51hFbbHYZDZt
Jfa1Yewp+KeXUgMQzJGxxgd+ireHkI/yNW0g3g+Rf+mKR/9wecbCaQibjUndyMSi
w36ynrbvjq/sWxm0WfSojMU8M+Uro1fYoq1ZA0FR2Je9E8d7SWN4KRYxKJeA3/PX
XgEKlLSLbBjOoig0ElJmTnGy/78ZK4n0AQJlPzzflDnfK3+VBpxi26hUhz+xRK37
EDb+ZJlP8dhz8t94kJx0xZ9ZQauMEro8SCAaSctFUhn4IVMbNdq09wwzNzLIGc2D
X2iAP2sO1FXJqLA955PXLQzCB1F5NbzZIqNb1HuuLbMB+zmfwfOoZ+a0iQQcaK6a
Pf0FRQYqleJZCzH4s62Z
=jSm+
-----END PGP SIGNATURE-----

--Apple-Mail=_B3B19972-2CCC-459B-B083-2372157C5D86--
 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC