Summary
  Reported Issue
Title: twiki: Remote code execution vulnerability.
Project: debian
Item Last Modified: Tue, 07 Oct 2008 09:26:31
Details
twiki: Remote code execution vulnerability.
Reporter:  
Created:  
Updated:   Tue, 07 Oct 2008 09:26:31
Key:   499534
Versions:   Not provided
Environment:  
Priority:   1
Status:   Opened
Resolution:   Not provided
Original Link:   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=499534
Summary:   twiki: Remote code execution vulnerability.
Description:
Package: twiki
Version: 1:4.0.5-9.1
Severity: grave
Tags: security
Justification: user security hole


TWiki command execution vulnerability found in current version. US-CERT Vulnerability Note:
http://www.kb.cert.org/vuls/id/362012 and TWiki Security Alert:
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195


-- System Information:
Debian Release: 4.0
APT prefers oldstable
APT policy: (500, 'oldstable'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)

Versions of packages twiki depends on:
ii apache-common 1.3.34-4.1+etch1 support files for all Apache webse
ii debconf [debconf-2.0] 1.5.11etch2 Debian configuration management sy
ii libalgorithm-diff-perl 1.19.01-2 a perl library for finding Longest
ii libcgi-session-perl 4.14-1 Persistent session data in CGI app
ii libdigest-sha1-perl 2.11-1 NIST SHA-1 message digest algorith
ii liberror-perl 0.15-8 Perl module for error/exception ha
ii libhtml-parser-perl 3.55-1 A collection of modules that parse
ii liblocale-maketext-lexi 0.62-1 Lexicon-handling backends for "Loc
ii libtext-diff-perl 0.35-2 Perform diffs on files and record
ii liburi-perl 1.35-2 Manipulates and accesses URI strin
ii perl [libmime-base64-pe 5.8.8-7etch3 Larry Wall's Practical Extraction
ii perl-modules [libnet-pe 5.8.8-7etch3 Core Perl modules
ii rcs 5.7-18 The GNU Revision Control System

twiki recommends no packages.

-- debconf information excluded
Comments:
Nico Golde Fri, 19 Sep 2008 20:44:15
severity 499534 important
thanks

Hi Brad,
* Brad Krane [2008-09-19 19:18]:
> TWiki command execution vulnerability found in current version. US-CERT Vulnerability Note:
> http://www.kb.cert.org/vuls/id/362012 and TWiki Security Alert:
> http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195

Downgrading as the access to this script is limited to
localhost on Debian.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de/ - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
Sven Dowideit Sat, 20 Sep 2008 08:40:02
This is _not_ a grave severity issue in the debian package, specifically
because configure (as mentioned in the advisory) is locked down using
apache to
1 localhost
2 an admin user that is created by the installer.

Sven

Brad Krane wrote:
> Package: twiki
> Version: 1:4.0.5-9.1
> Severity: grave
> Tags: security
> Justification: user security hole
>
>
> TWiki command execution vulnerability found in current version. US-CERT Vulnerability Note:
> http://www.kb.cert.org/vuls/id/362012 and TWiki Security Alert:
> http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195
>
>
> -- System Information:
> Debian Release: 4.0
> APT prefers oldstable
> APT policy: (500, 'oldstable'), (500, 'stable')
> Architecture: i386 (i686)
> Shell: /bin/sh linked to /bin/bash
> Kernel: Linux 2.6.18-6-686
> Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)
>
> Versions of packages twiki depends on:
> ii apache-common 1.3.34-4.1+etch1 support files for all Apache webse
> ii debconf [debconf-2.0] 1.5.11etch2 Debian configuration management sy
> ii libalgorithm-diff-perl 1.19.01-2 a perl library for finding Longest
> ii libcgi-session-perl 4.14-1 Persistent session data in CGI app
> ii libdigest-sha1-perl 2.11-1 NIST SHA-1 message digest algorith
> ii liberror-perl 0.15-8 Perl module for error/exception ha
> ii libhtml-parser-perl 3.55-1 A collection of modules that parse
> ii liblocale-maketext-lexi 0.62-1 Lexicon-handling backends for "Loc
> ii libtext-diff-perl 0.35-2 Perform diffs on files and record
> ii liburi-perl 1.35-2 Manipulates and accesses URI strin
> ii perl [libmime-base64-pe 5.8.8-7etch3 Larry Wall's Practical Extraction
> ii perl-modules [libnet-pe 5.8.8-7etch3 Core Perl modules
> ii rcs 5.7-18 The GNU Revision Control System
>
> twiki recommends no packages.
>
> -- debconf information excluded
>

--
Consulting wiki Engineer
Sven Dowideit - http://fosiki.com/
A WikiRing Partner - http://wikiring.com/
Public key -
http://pgp.mit.edu:11371/pks/lookup?search=Sven+Dowideit&op=index&exact=on
Olivier Berger Sat, 20 Sep 2008 10:32:41
On Sat, Sep 20, 2008 at 08:40:02AM +1000, Sven Dowideit wrote:
> This is _not_ a grave severity issue in the debian package, specifically
> because configure (as mentioned in the advisory) is locked down using
> apache to
> 1 localhost
> 2 an admin user that is created by the installer.
>

... well, at least for version in lenny (4.1.2-4), since we have fixed #485562 previously (I'm glad we did, then ;).

Just my 2 cents.

Best regards,
Nico Golde Tue, 07 Oct 2008 14:38:31
Hi Sven,
* Olivier Berger [2008-09-20 12:30]:
> On Sat, Sep 20, 2008 at 08:40:02AM +1000, Sven Dowideit wrote:
> > This is _not_ a grave severity issue in the debian package, specifically
> > because configure (as mentioned in the advisory) is locked down using
> > apache to
> > 1 localhost
> > 2 an admin user that is created by the installer.
> >
>
> ... well, at least for version in lenny (4.1.2-4), since we have fixed #485562 previously (I'm glad we did, then ;).

It would be still nice if this could be fixed... even if
this is not a grave issue.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de/ - nion@jabber.ccc.de - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.
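
The mitigation described in the thread (configure reachable only from localhost and only by an admin user) can be checked against a site's Apache configuration. This is an added example, not part of the bug report or the Debian package: the function name, finding labels and both sample configurations are constructed, and it assumes Apache 1.3/2.2-style `Order`/`Allow`/`Deny`/`Require`/`Satisfy` directives inside a `<Files>` or `<FilesMatch>` block.

```python
import re
LOOPBACK = {"127.0.0.1", "::1", "localhost"}
# Constructed samples in Apache 1.3/2.2 access-control syntax (not the package's real file).
HARDENED = """
<FilesMatch "^configure.*">
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1
    AuthType Basic
    Require user admin
</FilesMatch>
"""
WEAK = """
<Files "configure">
    Order Deny,Allow
    Allow from 127.0.0.1 192.0.2.10
    Require user admin
    Satisfy Any
</Files>
"""

def audit_script_block(conf_text, script="configure"):
    """Return findings for the <Files>/<FilesMatch> block that covers `script`."""
    m = re.search(r'<Files(?:Match)?\s+"?[^">]*' + re.escape(script) +
                  r'[^">]*"?\s*>(.*?)</Files(?:Match)?>', conf_text, re.S | re.I)
    if not m:
        return ["no-block"]                      # script is not restricted at all
    order, allows, deny_all, require, satisfy = "deny,allow", [], False, False, "all"
    for raw in m.group(1).splitlines():
        name, *args = raw.lower().split() or [""]   # blank/comment lines match no branch
        if name == "order":
            order = "".join(args)
        elif name == "allow" and args[:1] == ["from"]:
            allows += args[1:]
        elif name == "deny" and args == ["from", "all"]:
            deny_all = True
        elif name == "require":
            require = True
        elif name == "satisfy" and args:
            satisfy = args[0]
    findings = []
    if order == "deny,allow" and not deny_all:
        findings.append("default-allow")         # unlisted hosts are let through
    findings += ["remote-allowed:" + h for h in allows if h not in LOOPBACK]
    if not require:
        findings.append("no-auth")               # no authenticated user demanded
    if satisfy == "any":
        findings.append("satisfy-any")           # host OR user suffices, not both
    return findings
```

An empty result means both controls named in the thread are present and combined; `Satisfy Any` is flagged because it turns the host restriction and the user requirement into alternatives.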