Gentoo Forums
[ GLSA 200803-27 ] MoinMoin: Multiple vulnerabilities
Author: GLSA
Posted: Tue Mar 18, 2008 11:26 pm

Gentoo Linux Security Advisory

Title: MoinMoin: Multiple vulnerabilities (GLSA 200803-27)
Severity: normal
Exploitable: remote
Date: March 18, 2008
Bug(s): #209133
ID: 200803-27

Synopsis

Several vulnerabilities have been reported in MoinMoin Wiki Engine.

Background

MoinMoin is an advanced, easy to use and extensible Wiki Engine.

Affected Packages

Package: www-apps/moinmoin
Vulnerable: < 1.6.1
Unaffected: >= 1.6.1
Architectures: All supported architectures


Description

Multiple vulnerabilities have been discovered:
  • A vulnerability exists in the file wikimacro.py because the _macro_Getval function does not properly enforce ACLs (CVE-2008-1099).
  • A directory traversal vulnerability exists in the userform action (CVE-2008-0782).
  • A Cross-Site Scripting vulnerability exists in the login action (CVE-2008-0780).
  • Multiple Cross-Site Scripting vulnerabilities exist in the file action/AttachFile.py when using the message, pagename, and target filenames (CVE-2008-0781).
  • Multiple Cross-Site Scripting vulnerabilities exist in formatter/text_gedit.py (aka the gui editor formatter) which can be exploited via a page name or destination page name, which trigger an injection in the file PageEditor.py (CVE-2008-1098).


Impact

These vulnerabilities can be exploited to allow remote attackers to inject arbitrary web script or HTML, overwrite arbitrary files, or read protected pages.

Workaround

There is no known workaround at this time.

Resolution

All MoinMoin users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.6.1"


References

CVE-2008-0780
CVE-2008-0781
CVE-2008-0782
CVE-2008-1098
CVE-2008-1099
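
The following check is an added example, not part of the advisory or of Gentoo's tooling: it flags installed www-apps/moinmoin versions below the fixed 1.6.1 by reading Portage's installed-package database. The function names are hypothetical, and it assumes GNU `sort -V`, the usual `/var/db/pkg` layout, and plain dotted versions with an optional `-rN` revision.

```shell
#!/bin/sh
# Added example: audit for www-apps/moinmoin older than the fixed version.
FIXED="1.6.1"   # first unaffected version per GLSA 200803-27

# Return 0 (vulnerable) when version $1 sorts strictly before $FIXED.
# Assumption: dotted numeric versions with an optional Gentoo -rN revision;
# suffixes such as _rc or _p are not handled here.
moin_is_vulnerable() {
    v=${1%-r[0-9]*}                      # drop the ebuild revision, if any
    [ "$v" = "$FIXED" ] && return 1
    # Version sort, not string sort: 1.10.0 must rank above 1.6.1.
    lowest=$(printf '%s\n%s\n' "$v" "$FIXED" | sort -V | head -n 1)
    [ "$lowest" = "$v" ]
}

# Print a verdict for every moinmoin entry under a package database root.
# $1 defaults to /var/db/pkg (assumed standard Portage location).
audit_moin() {
    root=${1:-/var/db/pkg}
    for dir in "$root"/www-apps/moinmoin-[0-9]*; do
        [ -d "$dir" ] || continue        # glob did not match: nothing installed
        pkgver=${dir##*/moinmoin-}
        if moin_is_vulnerable "$pkgver"; then
            echo "VULNERABLE moinmoin-$pkgver"
        else
            echo "ok moinmoin-$pkgver"
        fi
    done
}

audit_moin "$@"
```

Any `VULNERABLE` line means the host still needs the upgrade given under Resolution.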