oss-sec mailing list archives
W3 Total Cache 0.9.2.8 Remote Code Exec
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 24 Apr 2013 12:46:51 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Is there any way to get the WordPress community involved in actually handling security issues properly? E.g. requesting CVE's, or heck, I'll settle for being notified via email directly. I found out about this stuff on Reddit (linked to Tony Perez's blog posting) so I read the code and voila: http://wordpress.org/extend/plugins/w3-total-cache/ +* Improved security for mfunc, now disabled by default and requires security string in order to execute + if (!defined('W3TC_DYNAMIC_SECURITY')) + return; + $buffer = preg_replace_callback('~<!--\s*mfunc\s*' . W3TC_DYNAMIC_SECURITY . '(.*)-->(.*)<!--\s*/mfunc\s*' . W3TC_DYNAMIC_SECURITY . '\s*-->~Uis', array( Please use CVE-2013-2010 for this issue. - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJReCibAAoJEBYNRVNeJnmTVJYP/1kkvewSW9TCa+4j7fg+1YOG YD3noZd9vttAkJBhR7y30Wi4/16WwtMHfrmTVxRjh7o6ZSv2fvZMZI0GrICdWIFE pLStD6eKe8eIumV/1iAVL5514Qm50oJ/ZcCGVTmfz7Isf8df1s5Udz6VMqLIZpjG nosnQfSyOr7rcycmGPbXdTMguCczrj4aRPLOcH5PdY1T9JCiJar/2UmqWYZw2M0U fA1BE38++tDYmSNi7XoLkfpUt6Z7Bk19QzGCDBBpqY7aWefo4UWEQ9Amx3mj6TCL gFv5F9n763UeEzXRYHu2gawF+eXfW21Iz+EzsSyP/UvNqqfYe+/oaieb7yh8Iqq2 icrXAhCe/5gbyx2DG98ldoE7Zj1CEsN1Wqmc+3SHWGoBI3el/TG6iCRBZeGk/Vje xG2U0wwXvO7jInaurLt7SsK5MKU2ALh/22MhX8t+1wsuOtC20FKTh5F9TCThmtxu evYMi+tyEcNvNE2E9F52VK5t+/QGWMeXVS8lH2y3nw02a3Vv9hUvQz1JwQ2dZQNr hEsBZBDR15TAt+umbEDUSobDtB8xX+NT9rZ6F7dAkJ8O3kTB5ZQRAcpAL7kdWYOL pv14kiwJFXEV3JWYRhU1FKti99QHWVgP4iR2a9wThJ8WSNhkQGzusv4fz8xarpgl vEyGkNH3sBenzVmbbxQj =h+jS -----END PGP SIGNATURE-----
Current thread:
- W3 Total Cache 0.9.2.8 Remote Code Exec Kurt Seifried (Apr 24)