Candidate: CVE-2008-4106
PublicDate: 2008-09-18 17:59:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4106
Description:
 WordPress before 2.6.2 does not properly handle MySQL warnings about
 insertion of username strings that exceed the maximum column width of the
 user_login column, and does not properly handle space characters when
 comparing usernames, which allows remote attackers to change an arbitrary
 user's password to a random value by registering a similar username and
 then requesting a password reset, related to a "SQL column truncation
 vulnerability." NOTE: the attacker can discover the random password by also
 exploiting CVE-2008-4107.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS: 

Patches_wordpress:
upstream_wordpress: released (2.6.2)
dapper_wordpress: ignored (reached end-of-life)
feisty_wordpress: needs-triage (reached end-of-life)
gutsy_wordpress: needs-triage (reached end-of-life)
hardy_wordpress: ignored (reached end-of-life)
intrepid_wordpress: needed (reached end-of-life)
jaunty_wordpress: not-affected (2.7.1-2ubuntu1)
karmic_wordpress: not-affected
lucid_wordpress: not-affected
maverick_wordpress: not-affected
natty_wordpress: not-affected
oneiric_wordpress: not-affected
devel_wordpress: not-affected