Vulnerability CVE-2008-4106 - CERT Civis.Net

Vulnerability Name:

CVE-2008-4106 (CCN-45087)

Assigned:

2008-09-08

Published:

2008-09-08

Updated:

2018-10-11

Summary:

WordPress before 2.6.2 does not properly handle MySQL warnings about insertion of username strings that exceed the maximum column width of the user_login column, and does not properly handle space characters when comparing usernames, which allows remote attackers to change an arbitrary user's password to a random value by registering a similar username and then requesting a password reset, related to a "SQL column truncation vulnerability."
Note: the attacker can discover the random password by also exploiting CVE-2008-4107.

CVSS v3 Severity:

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): Low Availibility (A): None

CVSS v2 Severity:

5.1 Medium (CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P)
3.8 Low (Temporal CVSS v2 Vector: AV:N/AC:H/Au:N/C:P/I:P/A:P/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Partial

4.3 Medium (CCN CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N)
3.2 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Athentication (Au): None
Impact Metrics:	Confidentiality (C): None Integrity (I): Partial Availibility (A): None

Vulnerability Type:

Vulnerability Consequences:

Other

References:

Source: MITRE
Type: CNA
CVE-2008-4106

Source: MLIST
Type: UNKNOWN
[oss-security] 20080916 Re: CVE request: wordpress < 2.6.2

Source: CCN
Type: SA31737
WordPress Insecure Password Generation Vulnerability

Source: SECUNIA
Type: UNKNOWN
31737

Source: SECUNIA
Type: Vendor Advisory
31870

Source: SREASON
Type: UNKNOWN
4272

Source: CCN
Type: SECTRACK ID: 1020869
WordPress SQL Truncation and Password Generation Flaw Lets Remote Users Determine the Administrator's Password

Source: SECTRACK
Type: UNKNOWN
1020869

Source: CCN
Type: WordPress Blog, September 8, 2008
WordPress 2.6.2

Source: CONFIRM
Type: Patch
http://wordpress.org/development/2008/09/wordpress-262/

Source: CCN
Type: WordPress Web site
Download WordPress

Source: DEBIAN
Type: UNKNOWN
DSA-1871

Source: DEBIAN
Type: DSA-1871
wordpress -- several vulnerabilities

Source: MLIST
Type: UNKNOWN
[oss-security] 20080911 CVE request: wordpress < 2.6.2

Source: BUGTRAQ
Type: UNKNOWN
20080911 Advisory 05/2008: Wordpress user_login Column SQL Truncation Vulnerability

Source: BID
Type: UNKNOWN
31068

Source: CCN
Type: BID-31068
WordPress Lost Password SQL Column Truncation Unauthorized Access Vulnerability

Source: CCN
Type: SektionEins Security Advisory, 2008/09/12
Wordpress user_login Column SQL Truncation Vulnerability

Source: MISC
Type: UNKNOWN
http://www.sektioneins.de/advisories/SE-2008-05.txt

Source: CCN
Type: Suspekt Blog Archive, August 18th, 2008
MySQL and SQL Column Truncation Vulnerabilities

Source: MISC
Type: UNKNOWN
http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/

Source: VUPEN
Type: UNKNOWN
ADV-2008-2553

Source: XF
Type: UNKNOWN
wordpress-randomnumber-weak-security(45087)

Source: EXPLOIT-DB
Type: UNKNOWN
6397

Source: EXPLOIT-DB
Type: UNKNOWN
6421

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-7760

Source: FEDORA
Type: UNKNOWN
FEDORA-2008-7902

Vulnerable Configuration:

Configuration 1:

cpe:/a:wordpress:wordpress:0.71-gold:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.0-platinum:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.0.1-miles:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.0.2-blakey:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.2-delta:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.2-mingus:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5-strayhorn:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5.1.1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.5:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.6:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.7:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.9:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.10:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.11:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.3:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.5:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.5.1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.6:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:*:*:*:*:*:*:*:* (Version <= 2.6.1)

Configuration CCN 1:

cpe:/a:wordpress:wordpress:1.2.1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5.1.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5.1.3:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.5:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.6:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1.3:-:*:*:*:*:*:*

OR cpe:/a:mambo:mambo:4.6.1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.9:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.11:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2.3:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.2.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.10:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.7:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0.4:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.0:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.5:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.2.2:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5.1.1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.5.1:*:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.6:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:2.6.1:-:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.5::strayhorn:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:0.71::gold:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.0.1::miles:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.0.2::blakey:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.0::platinum:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.2:delta:*:*:*:*:*:*

OR cpe:/a:wordpress:wordpress:1.2::mingus:*:*:*:*:*

AND

cpe:/o:debian:debian_linux:4.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:5.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.mitre.oval:def:8072	P	DSA-1871 wordpress -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:12947	P	DSA-1871-2 wordpress -- several vulnerabilities	2014-06-23
oval:org.mitre.oval:def:13072	P	DSA-1871-1 wordpress -- several vulnerabilities	2014-06-23
oval:org.debian:def:1871	V	several vulnerabilities	2009-08-23