Full Disclosure mailing list archives
[ GLSA 200609-10 ] DokuWiki: Arbitrary command execution
From: Sune Kloppenborg Jeppesen <jaervosz () gentoo org>
Date: Thu, 14 Sep 2006 17:58:09 +0200
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Gentoo Linux Security Advisory GLSA 200609-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - http://security.gentoo.org/ - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Severity: High Title: DokuWiki: Arbitrary command execution Date: September 14, 2006 Bugs: #146800 ID: 200609-10 - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Synopsis ======== Vulnerabilities in some accessory scripts of DokuWiki allow remote code execution. Background ========== DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend. Affected packages ================= ------------------------------------------------------------------- Package / Vulnerable / Unaffected ------------------------------------------------------------------- 1 www-apps/dokuwiki < 20060309d >= 20060309d Description =========== "rgod" discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents - such as PHP commands - into a file. Additionally, the accessory scripts installed in the "bin" DokuWiki directory are vulnerable to directory traversal attacks, allowing to copy and execute the previously injected code. Impact ====== A remote attacker may execute arbitrary PHP (and thus probably system) commands with the permissions of the user running the process serving DokuWiki pages. Workaround ========== Disable remote access to the "bin" subdirectory of the DokuWiki installation. Remove the directory if you don't use the scripts in there. Resolution ========== All DokuWiki users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20060309d" References ========== [ 1 ] CVE-2006-4674 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4674 [ 2 ] CVE-2006-4675 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4675 [ 3 ] CVE-2006-4679 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4679 Availability ============ This GLSA and any updates to it are available for viewing at the Gentoo Security Website: http://security.gentoo.org/glsa/glsa-200609-10.xml Concerns? ========= Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security () gentoo org or alternatively, you may file a bug at http://bugs.gentoo.org. License ======= Copyright 2006 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license. http://creativecommons.org/licenses/by-sa/2.5
Attachment:
_bin
Description:
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- [ GLSA 200609-10 ] DokuWiki: Arbitrary command execution Sune Kloppenborg Jeppesen (Sep 14)