Re: [Full-disclosure] Wordpress Remote Exploit - W3 Total Cache
- To: "Jason A. Donenfeld" <Jason@xxxxxxxxx>
- Subject: Re: [Full-disclosure] Wordpress Remote Exploit - W3 Total Cache
- From: Kurt Seifried <kseifried@xxxxxxxxxx>
- Date: Thu, 27 Dec 2012 10:50:25 -0700
On 12/24/2012 03:56 AM, Jason A. Donenfeld wrote:
> On Mon, Dec 24, 2012 at 7:39 AM, Jason A. Donenfeld
> <Jason@xxxxxxxxx> wrote:
>> realizing. I'm copying the author on this email, as he may want
>> to include a warning message where naive folks like myself can
>> see it, or document these somewhere if they're not already, or at
>> least apply the two .htaccess tweaks mentioned above.
>
> I thought it might be worth amending to the list that I've just had
> a long phone conversation with the author of the vulnerable code,
> and we discussed several different solutions to solving the
> likelihood of a user's misconfiguration as well as mitigating the
> potential damage that could be caused by it. The author said he
> intends to release a fix soon.
Does this need a CVE identifier? If so please see
http://people.redhat.com/kseifrie/CVE-OpenSource-Request-HOWTO.html
and send the request to oss-security@xxxxxxxxxxxxxxxxxx so there is a
public record of it and I will assign a CVE(s) as appropriate. Thank you.
--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/