WordPress 1.5.1.3 Security Vulnerability
According to the entry for WordPress 1.x at Secunia.com, there is a “Highly critical” WordPress vulnerability, announced August 10th, that affects all 1.x versions including 1.5.1.3. The details are in this advisory. There is not yet an updated version of WordPress to address the issue, but there is a possible workaround.
According to the writeup, input passed to the “cache_lastpostdate” parameter via cookies is not “properly sanitized” before being processed. This allows arbitrary PHP code to be inserted. The advisory notes that register_globals needs to be enabled for the issue to be successfully exploited.
If you want a workaround, then it sounds like disabling register_globals is the way to go. From what I can see, a lot of headaches are removed with register_globals set to off.
Since I’m on a VPS, I have access to my php.ini file, which lets me fix this. Here’s how I dealt with it.
Edit php.ini (usually in /etc/php.ini) and look for a line like this:
register_globals = On
Disabling it should be as simple as:
register_globals = Off
Save the file. I then restarted Apache (I’m not certain that is required to reload the php.ini; you might do it just in case, I did).
I haven’t seen any impact (yet) on the scripts here. From what I read, it’s good coding practice to not rely on register_globals being on, because it can open you up to some nasty code injection vulnerabilities. I think the default distribution of PHP now has it disabled.
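To confirm the edit above took hold in the file, the following added example (not part of the original post) reports the effective register_globals value in a php.ini, ignoring commented-out lines and letting the last directive win. The function name `register_globals_state` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit a php.ini for register_globals.

# register_globals_state FILE -> prints "on", "off" or "unset".
# The last uncommented directive in the file decides the result.
register_globals_state() {
    awk '
        BEGIN { state = "unset" }
        {
            line = $0
            sub(/;.*/, "", line)            # drop ";" comments, whole-line or trailing
            if (line !~ /=/) next           # skip blank lines and [section] headers
            key = line; sub(/=.*/, "", key)
            val = line; sub(/^[^=]*=/, "", val)
            gsub(/[ \t\r"]/, "", key)
            gsub(/[ \t\r"]/, "", val)
            if (key != "register_globals") next
            val = tolower(val)
            # On/True/Yes or a non-zero number enable the flag; anything else disables it.
            if (val == "on" || val == "true" || val == "yes" ||
                (val ~ /^-?[0-9]+$/ && val + 0 != 0))
                state = "on"
            else
                state = "off"
        }
        END { print state }
    ' "$1"
}

# Constructed sample file (not taken from a real server).
sample=$(mktemp)
cat > "$sample" <<'EOF'
[PHP]
; register_globals = Off
register_globals = On   ; left enabled
display_errors = Off
EOF
echo "before edit: $(register_globals_state "$sample")"

# The edit described in the post, applied to a copy of the sample.
sed 's/^register_globals[[:space:]]*=.*/register_globals = Off/' "$sample" > "$sample.fixed"
echo "after edit:  $(register_globals_state "$sample.fixed")"
rm -f "$sample" "$sample.fixed"
```

This only inspects the file it is given; register_globals can also be set per directory (for example with `php_flag register_globals on` in Apache configuration or .htaccess under mod_php), which a php.ini check does not see.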