Debian DLA-1742-1 : wordpress security update

high Nessus Plugin ID 123529

Synopsis

The remote Debian host is missing a security update.

Description

Simon Scannell of Ripstech Technologies discovered multiple vulnerabilities in wordpress, a web blogging manager.

CVE-2019-8942

remote code execution in wordpress because an _wp_attached_file Post Meta entry can be changed to an arbitrary string, such as one ending with a .jpg?file.php substring. An attacker with author privileges can execute arbitrary code by uploading a crafted image containing PHP code in the Exif metadata.

CVE-2019-9787

wordpress does not properly filter comment content, leading to Remote Code Execution by unauthenticated users in a default configuration.
This occurs because CSRF protection is mishandled, and because Search Engine Optimization of A elements is performed incorrectly, leading to XSS. The XSS results in administrative access.

For Debian 8 'Jessie', these problems have been fixed in version 4.1.26+dfsg-1+deb8u1.

We recommend that you upgrade your wordpress packages.

NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Solution

Upgrade the affected packages.

See Also

https://lists.debian.org/debian-lts-announce/2019/03/msg00044.html

https://packages.debian.org/source/jessie/wordpress

Plugin Details

Severity: High

ID: 123529

File Name: debian_DLA-1742.nasl

Version: 1.7

Type: local

Agent: unix

Published: 4/1/2019

Updated: 1/11/2021

Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Continuous Assessment, Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.6

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS Score Source: CVE-2019-9787

CVSS v3

Risk Factor: High

Base Score: 8.8

Temporal Score: 8.2

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Temporal Vector: CVSS:3.0/E:F/RL:O/RC:C

Vulnerability Information

CPE: p-cpe:/a:debian:debian_linux:wordpress-theme-twentythirteen, p-cpe:/a:debian:debian_linux:wordpress, p-cpe:/a:debian:debian_linux:wordpress-l10n, p-cpe:/a:debian:debian_linux:wordpress-theme-twentyfourteen, cpe:/o:debian:debian_linux:8.0, p-cpe:/a:debian:debian_linux:wordpress-theme-twentyfifteen

Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/31/2019

Vulnerability Publication Date: 2/20/2019

Exploitable With

Metasploit (WordPress Crop-image Shell Upload)

Reference Information

CVE: CVE-2019-8942, CVE-2019-9787