Bug 237843 - www-apps/twiki <4.2.3 config script command execution (CVE-2008-{3195,4112})
Bug#: 237843 (CVE-2008-3195) Product:  Gentoo Security Version: unspecified Platform: All
OS/Version: Linux Status: RESOLVED Severity: trivial Priority: P2
Resolution: FIXED Assigned To: security@gentoo.org Reported By: rbu@gentoo.org
Component: Vulnerabilities
URL:  http://www.kb.cert.org/vuls/id/362012
Summary: www-apps/twiki <4.2.3 config script command execution (CVE-2008-{3195,4112})
Keywords:  
Status Whiteboard: ~1 [noglsa]
Opened: 2008-09-16 14:40 0000
Description:   Opened: 2008-09-16 14:40 0000 
US-CERT writes:
The TWiki wiki software fails to validate input passed to certain URLs. By
accessing a URL containing the TWiki configuration script, an attacker may be
able to read arbitrary files.

I. Description
TWiki is a wiki that is runs in the context of the Apache web server. TWiki is
installed by configuring Apache, then accessing a configuration script from a
web browser. Before executing the configuration script, the TWiki installation
instructions provide a generator for Apache configuration directives that is
designed to prevent unauthorized access to the script.

There is a command execution vulnerability in TWiki versions prior to 4.2.3.
According to the TWiki download page, this issue can only be exploited if the
configure script was not secured as described in step number 8 in the
installation guide.

Public exploit code has been released that targets this vulnerability. TWiki
servers typically use predictable URLs and vulnerable systems may be found by
querying search engines.

------- Comment #1 From Robert Buchholz 2008-09-17 19:39:31 0000 ------- 
CVE-2008-4112 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-4112):
  Directory traversal vulnerability in bin/configure in TWiki before
  4.2.3, when a certain step in the installation guide is skipped,
  allows remote attackers to read arbitrary files via a query string
  containing a .. (dot dot) in the image variable.

------- Comment #2 From Robert Buchholz 2008-09-19 15:28:13 0000 ------- 
CVE-2008-3195 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-3195):
  Directory traversal vulnerability in bin/configure in TWiki before
  4.2.3, when a certain step in the installation guide is skipped,
  allows remote attackers to read arbitrary files via a query string
  containing a .. (dot dot) in the image variable, and execute
  arbitrary files via unspecified vectors.

------- Comment #3 From Gunnar Wrobel 2008-09-21 14:25:55 0000 ------- 
Added twiki-4.2.3, removed vulnerable -4.1.2, -4.2.0, -4.2.2. Unstable on all
arches. Webapps done.