Vulnerabilities > CVE-2006-4028 - Remote Security vulnerability in WordPress

047910
CVSS 10.0 - CRITICAL
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
low complexity
wordpress
critical
nessus
NVD
Published: 2006-08-09
Updated: 2011-09-01

Summary

Multiple unspecified vulnerabilities in WordPress before 2.0.4 have unknown impact and remote attack vectors. NOTE: due to lack of details, it is not clear how these issues are different from CVE-2006-3389 and CVE-2006-3390, although it is likely that 2.0.4 addresses an unspecified issue related to "Anyone can register" functionality (user registration for guests).

Vulnerable Configurations

Part Description Count
Application
Wordpress
4

Nessus

NASL familyGentoo Local Security Checks
NASL idGENTOO_GLSA-200608-19.NASL
descriptionThe remote host is affected by the vulnerability described in GLSA-200608-19 (WordPress: Privilege escalation) The WordPress developers have confirmed a vulnerability in capability checking for plugins. Impact : By exploiting a flaw, a user can circumvent WordPress access restrictions when using plugins. The actual impact depends on the configuration of WordPress and may range from trivial to critical, possibly even the execution of arbitrary PHP code. Workaround : There is no known workaround at this time.
last seen2020-06-01
modified2020-06-02
plugin id22218
published2006-08-14
reporterThis script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/22218
titleGLSA-200608-19 : WordPress: Privilege escalation
code
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 200608-19.
#
# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike 
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(22218);
  script_version("1.14");
  script_cvs_date("Date: 2019/08/02 13:32:43");

  script_cve_id("CVE-2006-3389", "CVE-2006-3390", "CVE-2006-4028");
  script_xref(name:"GLSA", value:"200608-19");

  script_name(english:"GLSA-200608-19 : WordPress: Privilege escalation");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis", 
    value:
"The remote Gentoo host is missing one or more security-related
patches."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"The remote host is affected by the vulnerability described in GLSA-200608-19
(WordPress: Privilege escalation)

    The WordPress developers have confirmed a vulnerability in capability
    checking for plugins.
  
Impact :

    By exploiting a flaw, a user can circumvent WordPress access
    restrictions when using plugins. The actual impact depends on the
    configuration of WordPress and may range from trivial to critical,
    possibly even the execution of arbitrary PHP code.
  
Workaround :

    There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/200608-19"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"All WordPress users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose '>=www-apps/wordpress-2.0.4'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:wordpress");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"patch_publication_date", value:"2006/08/10");
  script_set_attribute(attribute:"plugin_publication_date", value:"2006/08/14");
  script_set_attribute(attribute:"vuln_publication_date", value:"2006/02/27");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}


include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;

if (qpkg_check(package:"www-apps/wordpress", unaffected:make_list("ge 2.0.4"), vulnerable:make_list("lt 2.0.4"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "WordPress");
}

References