Candidate: CVE-2009-2762
PublicDate: 2009-08-13 16:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2762
Description:
 wp-login.php in WordPress 2.8.3 and earlier allows remote attackers to
 force a password reset for the first user in the database, possibly the
 administrator, via a key[] array variable in a resetpass (aka rp) action,
 which bypasses a check that assumes that $key is not an array.
Ubuntu-Description:
Notes:
 ari-tczew> Exploit: http://www.securityfocus.com/bid/36014/exploit
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_wordpress:
 upstream: http://core.trac.wordpress.org/changeset/11798
upstream_wordpress: released (2.8.4)
dapper_wordpress: ignored (reached end-of-life)
hardy_wordpress: ignored (reached end-of-life)
intrepid_wordpress: needed (reached end-of-life)
jaunty_wordpress: ignored (reached end-of-life)
karmic_wordpress: not-affected (2.8.4-1ubuntu1)
lucid_wordpress: not-affected (2.8.4-1ubuntu1)
maverick_wordpress: not-affected (2.8.4-1ubuntu1)
natty_wordpress: not-affected (2.8.4-1ubuntu1)
oneiric_wordpress: not-affected (2.8.4-1ubuntu1)
devel_wordpress: not-affected (2.8.4-1ubuntu1)