[Full-disclosure] WordPress 3.5.1, Denial of Service

From: Krzysztof Katowicz-Kowalewski (vndvndh.net)
Date: Tue Jun 11 2013 - 03:10:24 CDT


Version 3.5.1 (latest) of the popular blogging engine WordPress suffers from a remote denial of service vulnerability. The bug exists in the encryption module (class-phpass.php). Exploitation of this vulnerability is possible only when at least one post is protected by a password.

Time frames:
31.05.2013 The WordPress security team has been informed about the vulnerability (no response).
07.06.2013 The vulnerability has been released to the public.

More information (including proof of concept):
https://vndh.net/note:wordpress-351-denial-service

A way out (before an official WordPress update) to secure existing installations is to apply the following patch:

--- wp-includes/class-phpass.php
+++ wp-includes/class-phpass.php
-120,7 +120,7
                        return $output;

                $count_log2 = strpos($this->itoa64, $setting[3]);
- if ($count_log2 < 7 || $count_log2 > 30)
+ if ($count_log2 < 7 || $count_log2 > 13)
                        return $output;

                $count = 1 << $count_log2;
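
Review bot: The new upper bound on the changed line, `$count_log2 > 13`, is a bare magic number with no comment, and any setting string whose cost character decodes above 13 now takes the early `return $output` path, which would include hashes deliberately created with a higher cost. Since `$count = 1 << $count_log2`, the old bound of 30 allowed up to 2^30 (1,073,741,824) iterations while 13 allows at most 8,192, so the cap does bound the work per call, but it would read better as a named constant with a comment saying why 13 was chosen and that it must not be lower than the cost the installation uses when creating hashes. The hunk header `-120,7 +120,7` also lacks its `@@` markers and the two changed lines have lost their indentation, so the patch may need to be applied by hand.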


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/