ATTN: WP users with version 2.1.1!!! - GoFuckYourself.com

03-03-2007, 09:56 AM

Quote:

Long story short: If you downloaded WordPress 2.1.1 within the past 3-4 days, your files may include a security exploit that was added by a cracker, and you should upgrade all of your files to 2.1.2 immediately.

Longer explanation: This morning we received a note to our security mailing address about unusual and highly exploitable code in WordPress. The issue was investigated, and it appeared that the 2.1.1 download had been modified from its original code. We took the website down immediately to investigate what happened.

It was determined that a cracker had gained user-level access to one of the servers that powers wordpress.org, and had used that access to modify the download file. We have locked down that server for further forensics, but at this time it appears that the 2.1.1 download was the only thing touched by the attack. They modified two files in WP to include code that would allow for remote PHP execution.

Source

Upgrade to 2.1.2 immediately!

03-03-2007, 09:59 AM

Direct download link from wordpress.org

TexasDreams · 03-03-2007, 10:04 AM

Oy vey!

Bump for people that need to quickly upgrade.

polle54 · 03-03-2007, 10:15 AM

pretty critical, good someone found out about this pretty quick.

martinsc · 03-03-2007, 10:19 AM

ouch

Sosa · 03-03-2007, 11:08 AM

2.1 is still ok from what I see? just 2.1.1 is bad?

RawAlex · 03-03-2007, 11:09 AM

Only some 2.1.1 are bad. I downloaded it the day it came out, and the one I have is fine (no holes outside of the normal). This would appear to apply mostly if you have downloaded in the last few days.

To be on the safe side, just upgrade. It takes a very few minutes.

03-03-2007, 12:16 PM

bumpsicles

03-03-2007, 10:04 AM	#3
TexasDreams former Miserable Admin :) Join Date: Oct 2003 Location: Somewhere in Cali Posts: 4,700	Oy vey! Bump for people that need to quickly upgrade. __________________ ICQ: 168-914-369 >>> sysop [at] TexasDreams [dot] com

03-03-2007, 10:15 AM	#4
polle54 Confirmed User Join Date: Jul 2004 Location: The Beach Posts: 4,626	pretty critical, good someone found out about this pretty quick. __________________ ICQ# 143561781

03-03-2007, 10:19 AM	#5
martinsc Too lazy to set a custom title Industry Role: Join Date: Jun 2005 Location: 127.0.0.1 Posts: 27,047	ouch __________________ Make Money

03-03-2007, 09:59 AM	#2
X37375787 Guest Posts: n/a	Direct download link from wordpress.org

03-03-2007, 11:08 AM	#6
Sosa In Tushy Land Join Date: Oct 2002 Location: Nebraska Posts: 40,149	2.1 is still ok from what I see? just 2.1.1 is bad?

03-03-2007, 11:09 AM	#7
RawAlex So Fucking Banned Join Date: Oct 2003 Location: In a house. Posts: 9,465	Only some 2.1.1 are bad. I downloaded it the day it came out, and the one I have is fine (no holes outside of the normal). This would appear to apply mostly if you have downloaded in the last few days. To be on the safe side, just upgrade. It takes a very few minutes.

03-03-2007, 12:16 PM	#8
X37375787 Guest Posts: n/a	bumpsicles