[Git][security-tracker-team/security-tracker][master] CVE-2019-8943/wordpress: precise jessie triage

Sylvain Beucler beuc at debian.org
Thu Oct 3 13:36:24 BST 2019 


Sylvain Beucler pushed to branch master at Debian Security Tracker / security-tracker


Commits:
bbe7ec80 by Sylvain Beucler at 2019-10-03T12:34:48Z
CVE-2019-8943/wordpress: precise jessie triage

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -24851,10 +24851,11 @@ CVE-2019-8944 (An Information Exposure issue in the Terraform deployment step in
 	NOT-FOR-US: Terraform
 CVE-2019-8943 (WordPress through 5.0.3 allows Path Traversal in wp_crop_image(). An a ...)
 	- wordpress <unfixed> (bug #923583)
-	[jessie] - wordpress <no-dsa> (Patching CVE-2019-8942 makes CVE-2019-8943 unexploitable)
+	[jessie] - wordpress <postponed> (requires privileged account, not directly exploitable as CVE-2019-8942 is fixed, no official patch)
 	NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/
-	NOTE: The code execution angle is fixed via gd security, details on the rest are murky.
 	NOTE: This CVE is explicitly for the mentioned Path Traversal in wp_crop_image().
+	NOTE: Patching CVE-2019-8942 makes CVE-2019-8943 (RCE) not directly exploitable
+	NOTE: RCE would now require a vulnerable plugin, and a crop-resistant PHP webshell embedded in an image (preserved EXIF data, PNG IDAT reverse deflate...)
 	NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/#path-traversal-via-modified-post-meta
 	NOTE: https://blog.ripstech.com/2019/wordpress-image-remote-code-execution/#exploiting-the-path-traversal-lfi-in-theme-directory
 CVE-2019-8942 (WordPress before 4.9.9 and 5.x before 5.0.1 allows remote code executi ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbe7ec804cfa209c0bbbd8c8e0f61ea6dd28976c

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/bbe7ec804cfa209c0bbbd8c8e0f61ea6dd28976c
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20191003/1eb5f105/attachment.html>

More information about the debian-security-tracker-commits mailing list