Users who have downloaded the 2.1.1 version of the open-source blogging platform WordPress should upgrade all files to 2.1.2 immediately, since they could include a security bug injected by a cracker who gained user-level access to one of the servers that powers wordpress.org, according to a release posted on WordPress' site on Friday. WordPress received a note on the project's security mailing address Friday morning regarding "highly exploitable code," the release said. After investigating the issue, the WordPress developers found that the 2.1.1 download had been modified from its original site. The Web site was taken down immediately for further forensic analysis.
At this point it looks like the 2.1.1 download was the only thing affected by the attack. The attacker(s) modified two files to include code that would allow for the remote PHP execution.
Not all downloads of 2.1.1 were affected, but WordPress declared the entire version dangerous. Several WordPress developers worked through the night to release a new version, 2.1.2, that includes minor updates and entirely verified files.
Source: eWeek
At this point it looks like the 2.1.1 download was the only thing affected by the attack. The attacker(s) modified two files to include code that would allow for the remote PHP execution.
Not all downloads of 2.1.1 were affected, but WordPress declared the entire version dangerous. Several WordPress developers worked through the night to release a new version, 2.1.2, that includes minor updates and entirely verified files.
Source: eWeek
0 Comments:
Post a Comment