2.0.7 security vulnerability - patch soon? (17 posts)

  1. solutionsphp
    Member
    Posted 7 years ago #

    I received a report that 2.0.7 has a security vulnerability. 2.1 is fixed but requires MySQL 4 which is not available for all the WP sites I need to upgrade. Is there going to be a 2.0.8 patch release soon?

    Advisory: Multiple Remote Vulnerabilities in WordPress
    Advisory ID: 4tphi-sa-20070111-wordpress
    Release Date: 01-24-2007
    Author: Blake Matheny (bmatheny@mobocracy.net)
    Software: WordPress < 2.1
    Impact: Remote & Local DoS, File Disclosure

    Overview:
    Multiple vulnerabilities exist in the XMLRPC and Pingback
    implementation that are included with WordPress. Note that some issues discovered with Pingback affect other vendors as well.

  2. Samuel Wood (Otto)
    Tech Ninja
    Posted 7 years ago #

    It looks like it's a simple patch, you could probably do it yourself.

    More info and the patch details are here:
    http://www.securityfocus.com/archive/1/458003/30/30/threaded

  3. solutionsphp
    Member
    Posted 7 years ago #

    Thanks Otto42! Sorry to be daft, but I'm a little less comfortable on the command line than I am with an IDE. How is this patch applied? Does the PLUS sign indicate lines of code that are added? It looks like there is no code removed, just added, correct?

    function wp_remote_fopen( $uri ) {
    + $timeout = 10;
    + $parsed_url = @parse_url($uri);
    + if ( !$parsed_url || !is_array($parsed_url) )
    + {
    + return false;
    + }
    + if ( !isset($parsed_url['scheme']) ||
    + !in_array($parsed['scheme'], array('http','https')) )
    + {
    + $uri = 'http://' . $uri;
    + }
    if ( ini_get('allow_url_fopen') ) {
    $fp = @fopen( $uri, 'r' );
    if ( !$fp )
    return false;
    + stream_set_timeout($fp, $timeout);
    $linea = '';
    while( $remote_read = fread($fp, 4096) )
    $linea .= $remote_read;
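
Review bot: The second half of the scheme test reads `$parsed['scheme']`, but the array filled in above is `$parsed_url`, so `in_array()` never sees the parsed scheme and the `http://` prefix is added even to URIs that already carry http or https. It should read `!in_array($parsed_url['scheme'], array('http','https'))`.
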
    @@ -2200,8 +2212,11 @@
    curl_setopt ($handle, CURLOPT_URL, $uri);
    curl_setopt ($handle, CURLOPT_CONNECTTIMEOUT, 1);
    curl_setopt ($handle, CURLOPT_RETURNTRANSFER, 1);
    + curl_setopt ($handle, CURLOPT_TIMEOUT, $timeout);
    $buffer = curl_exec($handle);
    curl_close($handle);
    + if ( !preg_match('/.*text/.*/', curl_getinfo($handle, CURLINFO_CONTENT_TYPE)) )
    + return '';
    return $buffer;
    } else {
    return false;
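
Review bot: `curl_getinfo($handle, CURLINFO_CONTENT_TYPE)` is called after `curl_close($handle)`, so the content-type test runs against a handle that is already closed; read the content type first and close afterwards. The pattern `'/.*text/.*/'` also contains an unescaped `/` inside `/` delimiters, which preg_match() rejects, so as written the cURL branch returns '' whatever the response was; a different delimiter such as `'#text/#'` avoids that.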

  4. Samuel Wood (Otto)
    Tech Ninja
    Posted 7 years ago #

    Yes, the + indicates adding a new line of code.

    The bit where it says @@ -2200,8 +2212,11 @@ means that you should skip ahead to line 2200 (in the original file) or line 2212 (in the new file) to continue adding your lines and such.

    The lines with no + or - or ! in front of them are unchanged, and just given as reference points.

    An easier way would be to use the command line program called "patch" which can read that format and do the work for you.
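
Added example (not part of any poster's reply and not WordPress code): a short Python check, following the hunk-header explanation in post 4, that a header such as `@@ -2200,8 +2212,11 @@` agrees with the lines under it before a patch copied from a web page is applied by hand. `check_hunks` and `SAMPLE` are names made up for this example; `SAMPLE` is the second hunk from post 3 with the one-space prefix on context lines restored.

```python
import re

HUNK_RE = re.compile(r"^@@ -(\d+)(?:,(\d+))? \+(\d+)(?:,(\d+))? @@")
# Second hunk from post 3, with the one-space context prefix restored.
SAMPLE = """\
@@ -2200,8 +2212,11 @@
 curl_setopt ($handle, CURLOPT_URL, $uri);
 curl_setopt ($handle, CURLOPT_CONNECTTIMEOUT, 1);
 curl_setopt ($handle, CURLOPT_RETURNTRANSFER, 1);
+curl_setopt ($handle, CURLOPT_TIMEOUT, $timeout);
 $buffer = curl_exec($handle);
 curl_close($handle);
+if ( !preg_match('/.*text/.*/', curl_getinfo($handle, CURLINFO_CONTENT_TYPE)) )
+return '';
 return $buffer;
 } else {
 return false;
"""

def check_hunks(diff_text):
    """Compare each hunk header's line counts with the lines under it."""
    hunks, cur = [], None
    for line in diff_text.splitlines():
        m = HUNK_RE.match(line)
        if m:
            old_start, old_len, new_start, new_len = m.groups()
            cur = {
                "old_len": 1 if old_len is None else int(old_len),
                "new_len": 1 if new_len is None else int(new_len),
                "old_seen": 0, "new_seen": 0,
                # Net lines that earlier hunks added to the file.
                "offset": int(new_start) - int(old_start),
            }
            hunks.append(cur)
            continue
        if cur is None or line.startswith("\\"):
            continue  # text outside a hunk, or "\ No newline at end of file"
        if not line.startswith("+"):
            cur["old_seen"] += 1  # context or "-" line: part of the old file
        if not line.startswith("-"):
            cur["new_seen"] += 1  # context or "+" line: part of the new file
        if (cur["old_seen"], cur["new_seen"]) == (cur["old_len"], cur["new_len"]):
            cur = None  # hunk complete; skip everything up to the next header
    for h in hunks:
        h["ok"] = (h["old_seen"], h["new_seen"]) == (h["old_len"], h["new_len"])
    return hunks

if __name__ == "__main__":
    print(check_hunks(SAMPLE))
```

The offset of 12 reported for this hunk matches the twelve `+` lines in the first hunk of post 3; a hunk that lost a line in copying comes back with `ok` set to False.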

  5. solutionsphp
    Member
    Posted 7 years ago #

    Thanks for your help! Patching on the command line turned out to be a snap. For those who remain less adventurous, I have posted the patched functions.php file for download here:
    http://www.stevensmedia.com/blog/?p=115

  6. Joni
    Member
    Posted 7 years ago #

    I tried applying the patch that solutionsphp was kind enough to provide and I get this error when I attempt to either edit a page or post or access the Links Manager:


    Fatal error: Call to undefined function: attribute_escape() in /home/pixelit/public_html/wp-includes/functions.php on line 2380

    I'm not about to subject myself to further grief by upgrading to WP 2.1 while it's still in the state it's in.

    Any other solutions?

  7. theposterpreviouslyknownas
    Member
    Posted 7 years ago #

    attribute_escape() was introduced in 2.0.6, are you not upgraded to at least 2.0.6?

    Indeed you are not if the site in your profile is any indication.

    >>I'm not about to subject myself to further grief by upgrading to WP 2.1 while it's still in the state it's in.

    then upgrade to 2.0.7

    follow the standard upgrade procedure to go from 2.0.4 > 2.0.6 then upload the couple new files that make up 2.0.7, then make the necessary changes for that little hole.

    piece of cake :)

  8. DianeV
    Member
    Posted 7 years ago #

    Yes, but the SecurityFocus article linked to above references this:

    Software: WordPress < 2.1

  9. theposterpreviouslyknownas
    Member
    Posted 7 years ago #

    I am running 2.0.7. THIS is what I did.

    I took the same function that exists within 2.1 (IT'S FIXED) and replaced the old function. It works fine.

    YOU DO NOT NEED TO RUN 2.1 TO FIX THAT HOLE.

    This is the function taken right out of 2.1, and it works perfectly within 2.0.7:


    function wp_remote_fopen( $uri ) {
        $timeout = 10;
        $parsed_url = @parse_url($uri);
        if ( !$parsed_url || !is_array($parsed_url) )
            return false;
        if ( !isset($parsed_url['scheme']) || !in_array($parsed_url['scheme'], array('http','https')) )
            $uri = 'http://' . $uri;
        if ( ini_get('allow_url_fopen') ) {
            $fp = @fopen( $uri, 'r' );
            if ( !$fp )
                return false;
            stream_set_timeout($fp, $timeout); // Requires php 4.3
            $linea = '';
            while( $remote_read = fread($fp, 4096) )
                $linea .= $remote_read;
            fclose($fp);
            return $linea;
        } else if ( function_exists('curl_init') ) {
            $handle = curl_init();
            curl_setopt ($handle, CURLOPT_URL, $uri);
            curl_setopt ($handle, CURLOPT_CONNECTTIMEOUT, 1);
            curl_setopt ($handle, CURLOPT_RETURNTRANSFER, 1);
            curl_setopt ($handle, CURLOPT_TIMEOUT, $timeout);
            $buffer = curl_exec($handle);
            curl_close($handle);
            return $buffer;
        } else {
            return false;
        }
    }

    It's just fixed, it doesn't use any special additions from 2.1 and it would be nice if ppl gave decent advice instead of "working" to get ppl to upgrade to something they don't need to.

    I'm not necessarily talking about you diane, btw, about the "working" thing, I just think ppl don't realize that they don't have to run that blasted bug ridden 2.1

  10. DianeV
    Member
    Posted 7 years ago #

    Hm. I'm getting "error establishing a database connection" at the stevensmedia link.

    So ... what? Is this just a matter of adding the SecurityFocus code to functions.php?

  11. solutionsphp
    Member
    Posted 7 years ago #

    Sorry about the downtime... my host was doing some server maintenance and MySQL didn't come back online properly. No rest for the wicked!

    I can't replicate the errors that jonimueller is experiencing... when you upgraded to 2.0.7 did you *delete* files from the server or overwrite them? Overwriting doesn't always work in my experience.

  12. Joni
    Member
    Posted 7 years ago #

    I upgraded my various WP sites (running anything from 2.0.1 to 2.0.5) to 2.0.7 in one fell swoop (as a matter of practice I backup the *.sql file, disable the plugins and nuke the /wp-includes and /wp-admin folders and all *.php files except wp-config.php before uploading upgrade files).

    Once that was done and working fine, I then applied the patched functions.php file as kindly provided above and all is well. Thanks everyone.

    J

  13. solutionsphp
    Member
    Posted 7 years ago #

    Yay, glad to hear it's working for you! Thanks for reporting back.

  14. yumadoug
    Member
    Posted 7 years ago #

    >>I'm not about to subject myself to further grief by upgrading to WP 2.1 while it's still in the state it's in.

    I tried 2.1, too. Very slow in the post editor and switching between visual and code tabs very slow, code does not show some tags. In short, I prefer 2.0.5 (sorry to criticize... I do appreciate the hard work, but I'll wait for a few 2.1 releases).

    >>then upgrade to 2.0.7

    >>follow the standard upgrade procedure to go from 2.0.4 > 2.0.6 then upload the couple new files that make up 2.0.7, then make the necessary changes for that little hole.

    I'd like to wait for the 2.0.7 fix in the stable release of 2.0.8 (now RC1); will I need to upgrade to 2.0.6, then 2.0.7, then 2.0.8? I was thinking I could just upgrade from 5 to 8, but is that wrong?

    Or would you guys recommend not waiting for 2.0.8?

    Thanks!!!

  15. moshu
    Member
    Posted 7 years ago #

    Most likely you'll be able to go from 2.0.5 to 2.0.8... at least that was the case with the other minor upgrades (2.0.x -> to 2.0.7)

  16. yumadoug
    Member
    Posted 7 years ago #

    "Most likely"? I was assuming so too, but I can't find anything in the forum to confirm it and the posts in this topic give me doubts. Can you confirm it? Thanks!!!

  17. moshu
    Member
    Posted 7 years ago #

    Yep. I upgraded from 2.0.4 to 2.0.8-RC1 without any issue. I don't think anything will be changed in this regard in the final release.
