Re: CVE-request: WordPress insufficient permissions verification on XMLRPC interface

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 09/14/2012 06:55 AM, Henri Salo wrote:
> Hello,
>
> Please assign 2010 CVE-identifier for XML-RPC interface access
> restriction bypass issue in WordPress.
>
> Description: WordPress contains a flaw related to the XML-RPC
> remote publishing interface. The interface fails to properly
> enforce access control restrictions, allowing a remote attacker to
> bypass restrictions and improperly edit, publish or delete posts.
>
> References: 1. http://osvdb.org/69761 2.
> http://core.trac.wordpress.org/changeset/16803 3.
> http://secunia.com/advisories/42553/ 4.
> http://wordpress.org/news/2010/12/wordpress-3-0-3/ 5.
> http://codex.wordpress.org/Version_3.0.3
>
> - Henri Salo

Please use CVE-2010-5106 for this issue.
- --
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://www.enigmail.net/

iQIcBAEBAgAGBQJQU2smAAoJEBYNRVNeJnmTY9IQAN2N50T1wofPQddZM/5DUfJ8
eoeFGX4DTAKZ7423Wzw/UlP0vBWQBUOrq/w6L2pbC5kJem9VIKU3cacvYNdncFno
BwCbRajxKijpbdAflXo0bPaWoNWVXVDF7spH7MQxO2QZvrh8yx8dk5/nNpsjTC2P
RAMQKYm5JlMrezZZbCYDFxXZVEUcRPTNLjLr4cqZUTcbA60VZTGXd54+Kq0KQzC9
W15i7NvAvpJT/47Ej9z+NlOPXpqv8PmVzIiUZi32TYB3VS8mW4cHkp/PxdvAHxmT
7NqpWfY1WIHKap/oCbZ1vRMakkD3zr+GxagQ3zI0H8mcb/aFUSNHZSutpC0XoKXW
pbyEsXLAaO/NGS1hBJbUGAN7gaSaLujVu6wtItj1OV+cnFreS/q3V7kwanJNpj0v
l9NjAydDPfSm7pvNwW+qmkUmdcJEW8a81oemA6n//PrY09i2DE1SpcLE6zGkTjoz
Y9mw3M6QXrN3yM9sic/xGbC4xjAUSohJDR8kdCTs/Ea+XAHafwclVYwZHtg+2lNc
BbVjkeFkUqAm4VXD7fZ2oWf4gWvRziaB/90s6LoXefKncdFFYv3e/07d+ofIR2rW
mrpvxM6nIx5tEuPiXkvgxg0H3I7h3Z8gXqpRe4KmrJoZ8Uc9dOB7C36G2qDU7vff
paPxYP7gMDMeedAm2DHE
=Z/jr
-----END PGP SIGNATURE-----