While I struggle with my own security demons, Thomas Waldegger emailed to let me know that the BugTraq security alert for WordPress has gone live. I am still getting requests for a patch file for this issue, and would rather that the WordPress team respond to these since the notice has gone public.
This alert does demonstrate how difficult it is to ensure that an application is secure. What happened is that the ping identifier that was sent with a trackback ping was not checked to ensure that it was, indeed, an integer. Based on this, a person could attach a separate subquery to the ping, and use this to, as Thomas put it, be able to re-construct values in the database.
This is something I never would have spotted myself, though I am now alert to the vulnerability. The only problem is that once you’re aware of one type of vulnerability, others are discovered.
You never stop dancing in the open source world. Even when your steps falter, you just got to dance. Most of the time, the crowd doesn’t even see your footwork; about the only time they do, is when you’re dancing out of tune.
