Post by Kaarenyth on Aug 3, 2011 10:47:51 GMT -5
Got the below in my US-CERT alerts this morning.
Since Slurms updated the theme made me think I probably should post for anyone using wordpress to check out the possible impact and resolutions.
---------- quote --------------
US-CERT Current Activity
WordPress Themes Vulnerability
Original release date: August 3, 2011 at 10:05 am Last revised: August 3, 2011 at 10:05 am
TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site.
US-CERT encourages users and administrators to:
* determine if any hosted blogs use TimThumb by searching for
timthumb.php or thumb.php
* review the blog entry on the issue and apply any necessary updates
or workarounds to help mitigate the risks
Relevant Url(s):
<http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/>
====
This entry is available at
www.us-cert.gov/current/index.html#wordpress_themes_vulnerability
------------- End Quote ---------------------
Since Slurms updated the theme made me think I probably should post for anyone using wordpress to check out the possible impact and resolutions.
---------- quote --------------
US-CERT Current Activity
WordPress Themes Vulnerability
Original release date: August 3, 2011 at 10:05 am Last revised: August 3, 2011 at 10:05 am
TimThumb, a PHP script that is reused in many popular themes for the WordPress blog software, contains a vulnerability that allows a remote attacker to upload arbitrary PHP code to an affected site.
US-CERT encourages users and administrators to:
* determine if any hosted blogs use TimThumb by searching for
timthumb.php or thumb.php
* review the blog entry on the issue and apply any necessary updates
or workarounds to help mitigate the risks
Relevant Url(s):
<http://markmaunder.com/2011/zero-day-vulnerability-in-many-wordpress-themes/>
====
This entry is available at
www.us-cert.gov/current/index.html#wordpress_themes_vulnerability
------------- End Quote ---------------------