Wordpress Resource Exhaustion - Denial of Service Vulnerability

2009.10.26
Credit: jcarlosn
Risk: Low
Local: No
Remote: Yes
CVE: CVE-2009-3622
CWE: CWE-310


CVSS Base Score: 4.3/10
Impact Subscore: 2.9/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: None
Integrity impact: None
Availability impact: Partial

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 jcarlosn [http://rooibo.wordpress.com/] has discovered an Denial of Service by Resource Exhaustion in all wordpress version. This vulnerability affects the wp-trackbacks.php file and already exists an available exploit for it. The exploit: http://codes.zerial.org/php/wp-trackbacks_dos.phps Execution: $ while /bin/true; do php test.php http://target.bom/wordpress; done hit! hit! hit! hit! hit! hit! hit! hit! hit! hit! Notice: fputs(): send of 8192 bytes failed with errno=11 Resource temporarily unavailable down!! Load average: 22.07, 15.18, 8.58 (on target server) - -- Fernando A. Lagos Berardi - Zerial Desarrollador y Programador Web Seguridad Informatica Linux User #382319 Blog: http://blog.zerial.org Skype: erzerial Jabber: zerial () jabberes org GTalk && MSN: fernando () zerial org -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.10 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/ iEYEARECAAYFAkrcUsIACgkQIP17Kywx9JQnNQCeOwPir0lZxguy8d4LDmNzKxD8 CyYAoJEEAaoyOnE09VbVRveUQU7Uapcq =pFaY -----END PGP SIGNATURE-----

References:

http://www.vupen.com/english/advisories/2009/2986
https://bugzilla.redhat.com/show_bug.cgi?id=530056
http://xforce.iss.net/xforce/xfdb/53884
http://www.osvdb.org/59077
http://wordpress.org/development/2009/10/wordpress-2-8-5-hardening-release/
http://securitytracker.com/id?1023072
http://security-sh3ll.blogspot.com/2009/10/wordpress-resource-exhaustion-denial-of.html
http://secunia.com/advisories/37088
http://seclists.org/fulldisclosure/2009/Oct/263
http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress/
http://marc.info/?l=oss-security&m=125614592004825&w=2
http://marc.info/?l=oss-security&m=125612393329041&w=2
http://codes.zerial.org/php/wp-trackbacks_dos.phps


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top