Full Disclosure mailing list archives
Re: Wordpress Remote Exploit - W3 Total Cache
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 27 Dec 2012 10:50:25 -0700
On 12/24/2012 03:56 AM, Jason A. Donenfeld wrote:
> On Mon, Dec 24, 2012 at 7:39 AM, Jason A. Donenfeld <Jason () zx2c4 com> wrote:
>> realizing. I'm copying the author on this email, as he may want to include a warning message where naive folks like myself can see it, or document these somewhere if they're not already, or at least apply the two .htaccess tweaks mentioned above.
>
> I thought it might be worth amending to the list that I've just had a long phone conversation with the author of the vulnerable code, and we discussed several different solutions to solving the likelihood of a user's misconfiguration as well as mitigating the potential damage that could be caused by it. The author said he intends to release a fix soon.

Does this need a CVE identifier? If so please see http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html and send the request to oss-security () lists openwall com so there is a public record of it and I will assign a CVE(s) as appropriate.

Thank you.

--
Kurt Seifried
Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:
- Wordpress Remote Exploit - W3 Total Cache Jason A. Donenfeld (Dec 23)
- Re: Wordpress Remote Exploit - W3 Total Cache Jason A. Donenfeld (Dec 24)
- Re: Wordpress Remote Exploit - W3 Total Cache Frederick Townes (Dec 28)
- Re: Wordpress Remote Exploit - W3 Total Cache Kurt Seifried (Dec 28)
- Re: Wordpress Remote Exploit - W3 Total Cache Jason A. Donenfeld (Dec 24)
- Re: Wordpress Remote Exploit - W3 Total Cache Grandma Eubanks (Dec 24)
- Re: Wordpress Remote Exploit - W3 Total Cache Jason A. Donenfeld (Dec 24)