Bug#: 163781
Status: RESOLVED
Resolution: FIXED
Assigned To: Gentoo Security <security@gentoo.org>
Reporter: Executioner <keith@email.arizona.edu>

Filename Description Type Creator Created Size Actions
dokuwiki-20061106.ebuild Elias Probst's ebuild from bug #150950. text/plain Philippe Chaintreuil 2007-03-09 14:11 0000 1.69 KB Details

Description:   Opened: 2007-01-25 17:37 0000
unsticky has discovered a vulnerability in DokuWiki, which can be exploited by
malicious people to bypass certain restrictions.

Input passed to the "media" parameter in lib/exe/fetch.php is not properly
sanitised before being used. This can be exploited to bypass certain
restrictions via CRLF character sequences and inject arbitrary HTTP headers and
HTTP body data in a request.

Successful exploitation e.g. makes it possible to conduct cross-site scripting
attacks.

The vulnerability is confirmed in version 2006-03-09e. Other versions may also
be affected.

Reproducible: Didn't try
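
A log check for the injection described above, added here as an example (it is not code from DokuWiki, Gentoo or the advisory): it scans access-log lines for requests to lib/exe/fetch.php whose "media" parameter percent-decodes to a CR or LF. The common/combined log format, the function names and the sample entries are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # request line in an access log
TARGET_SUFFIX = "/lib/exe/fetch.php"  # script named in the report
PARAM = "media"                       # parameter named in the report

def media_values(raw_query):
    """Yield the raw (still percent-encoded) values of the media parameter."""
    for pair in re.split(r"[&;]", raw_query):
        name, _, value = pair.partition("=")
        if unquote(name) == PARAM:
            yield value

def decodes_to_crlf(value, max_rounds=3):
    """True if CR or LF shows up within max_rounds of percent-decoding."""
    for _ in range(max_rounds):  # more than one round catches double encoding (%250d)
        value = unquote(value)
        if "\r" in value or "\n" in value:
            return True
    return False

def suspicious_lines(log_lines):
    """Return the log lines whose fetch.php media parameter carries CR/LF."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group(1))
        if url.path.endswith(TARGET_SUFFIX) and any(
                decodes_to_crlf(v) for v in media_values(url.query)):
            hits.append(line)
    return hits

# Constructed sample entries, not taken from any real server.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Jan/2007:17:40:01 +0000] "GET /lib/exe/fetch.php?media=wiki:logo.png HTTP/1.1" 200 3120',
    '192.0.2.11 - - [25/Jan/2007:17:41:12 +0000] "GET /lib/exe/fetch.php?w=100&media=wiki:a.png%0d%0aX-Test:%201 HTTP/1.1" 200 0',
    '192.0.2.12 - - [25/Jan/2007:17:42:30 +0000] "GET /wiki/lib/exe/fetch.php?media=x%250D%250Ay HTTP/1.1" 200 0',
    '192.0.2.13 - - [25/Jan/2007:17:43:44 +0000] "GET /doku.php?id=start%0d%0a HTTP/1.1" 200 512',
]

if __name__ == "__main__":
    for hit in suspicious_lines(SAMPLE_LOG):
        print(hit)
```

Only the second and third sample entries are reported; the fourth carries an encoded CRLF but targets a different script and parameter, so it is outside what this check looks for.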

------- Comment #1 From Executioner 2007-01-25 21:09:57 0000 -------
Noticed this XSS too... 
http://www.securiteam.com/unixfocus/5YP0N1FKAE.html

------- Comment #2 From Raphael Marichez 2007-02-10 21:15:33 0000 -------
ping web-apps

------- Comment #3 From Executioner 2007-02-14 02:07:29 0000 -------
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-6965

------- Comment #4 From Jakub Moc (RETIRED) 2007-02-15 22:36:40 0000 -------
*** Bug 150950 has been marked as a duplicate of this bug. ***

------- Comment #5 From Michael Klier 2007-02-16 10:40:21 0000 -------
This bug has been fixed as of 2006-10-17, see DokuWiki bugtracker [1] for
further details.

[1] http://bugs.splitbrain.org/?do=details&id=935

------- Comment #6 From Ian P. Christian 2007-02-25 04:18:07 0000 -------
new ebuild needed for latest version

------- Comment #7 From Tomas Synek 2007-03-08 10:13:22 0000 -------
Hi, new version still out of portage? Why??

http://bugs.gentoo.org/show_bug.cgi?id=150950

dokuwiki-20061106.ebuild > http://bugs.gentoo.org/attachment.cgi?id=103294
"Changes: removed the last MY_PV argument, because this release doesn't have an
alphabetic character at the end of PV"

Works fine for my amd64, please test and report...

------- Comment #8 From Jakub Moc (RETIRED) 2007-03-09 07:21:03 0000 -------
*** Bug 169833 has been marked as a duplicate of this bug. ***

------- Comment #9 From Marco Clocchiatti 2007-03-09 12:57:18 0000 -------
(In reply to comment #8)
> *** Bug 169833 has been marked as a duplicate of this bug. ***
> 

I think that Bug 169833 shows one more thing: old dokuwiki version gives
problems with new php.
So the new ebuild has to go soon in portage.

------- Comment #10 From Philippe Chaintreuil 2007-03-09 14:11:17 0000 -------
Created an attachment (id=112712) [details]
Elias Probst's ebuild from bug #150950.

Elias Probst originally submitted this ebuild under bug #150950.  Could someone
please get it into the portage tree?  It's been there, waiting for someone to
get it in since the beginning of December.

------- Comment #11 From Raphael Marichez 2007-03-13 23:02:40 0000 -------
ping web-apps: if you don't have time to maintain this package, then please put
it in p.mask so that it will not be concerned by the security process anymore

------- Comment #12 From Renat Lumpau 2007-03-13 23:52:30 0000 -------
(In reply to comment #11)
> ping web-apps: if you don't have time to maintain this package, then please put
> it in p.mask so that it will not be concerned by the security process anymore
> 

Please feel free to p.mask it - ramereth seems to be MIA

------- Comment #13 From Raphael Marichez 2007-03-14 00:19:44 0000 -------
Security team, your opinion? Probably i will email -dev.

security vulnerabilities:

CVE-2006-6965
CVE-2006-5099
CVE-2006-5098
CVE-2006-4679
CVE-2006-4675
CVE-2006-4674
CVE-2006-2945
CVE-2006-2878

------- Comment #14 From Matt Drew 2007-03-14 03:29:21 0000 -------
I've seen this in quite a few places in active use, I'd vote yes for a GLSA.

------- Comment #15 From Sune Kloppenborg Jeppesen 2007-03-14 07:38:26 0000 -------
I think you should mail -dev with maintainer wanted.

------- Comment #16 From Raphael Marichez 2007-03-15 21:46:53 0000 -------
-dev'ed

let's wait for a few days before masking it

------- Comment #17 From Andrej Kacian (RETIRED) 2007-03-15 22:36:20 0000 -------
I am using dokuwiki - although only lightly - and like it. Therefore I'll
volunteer to take on its maintainership, because I really don't want it to go.
20061106 committed in the tree.

If someone is against it, or wishes to maintain dokuwiki more than me, just
contact me.

------- Comment #18 From Raphael Marichez 2007-03-16 00:01:01 0000 -------
Nice, thanks a lot Andrej.

Hi x86, please test and mark stable dokuwiki-20061106, thanks!

------- Comment #19 From Andrej Kacian (RETIRED) 2007-03-16 06:51:51 0000 -------
x86 done

------- Comment #20 From Matthias Geerdsen 2007-03-16 16:00:22 0000 -------
(In reply to comment #13)
> Security team, your opinion? Probably i will email -dev.
> 
> security vulnerabilities:
> 

2006-03-09e affected by: 

> CVE-2006-6965

not affected by:
> CVE-2006-5099
> CVE-2006-5098
> CVE-2006-4679
> CVE-2006-4675
> CVE-2006-4674
> CVE-2006-2945
> CVE-2006-2878


security please vote

------- Comment #21 From Andrej Kacian (RETIRED) 2007-03-16 17:47:53 0000 -------
(In reply to comment #20)
> (In reply to comment #13)
> > Security team, your opinion? Probably i will email -dev.
> > 
> > security vulnerabilities:
> > 
> 
> 2006-03-09e affected by: 
> 
> > CVE-2006-6965

Um, this is about 2006-11-06, not about 2006-03-09e (which I have already
removed from the tree anyway, as 2006-11-06 has equal keywords).

------- Comment #22 From Pierre-Yves Rofes 2007-03-16 19:32:25 0000 -------
(In reply to comment #20)
> (In reply to comment #13)
> 
> security please vote
> 

tending to vote yes, as it seems to be widely used.

------- Comment #23 From Matthias Geerdsen 2007-03-16 21:07:48 0000 -------
(In reply to comment #21)
> 
> Um, this is about 2006-11-06, not about 2006-03-09e (which I have already
> removed from the tree anyway, as 2006-11-06 has equal keywords).
> 

Yep, I just wanted to make clear that we are only talking about one issue (CVE)
and not the whole list, since we dealt with those in earlier GLSAs already ;-)

I also tend to vote yes btw.

------- Comment #24 From Sune Kloppenborg Jeppesen 2007-03-17 08:40:21 0000 -------
I tend to vote YES.

------- Comment #25 From Raphael Marichez 2007-03-26 22:02:33 0000 -------
i would vote "no" for the very weak impact, on a web-app that is typically
prone to XSS issues.

------- Comment #26 From Raphael Marichez 2007-04-02 22:16:30 0000 -------
i'm filing a GLSA request due to your "yes" votes

------- Comment #27 From Matthias Geerdsen 2007-04-12 14:17:09 0000 -------
GLSA 200704-08

thanks everyone
