Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 301310 (CVE-2010-0287) - <www-apps/dokuwiki-20091225c Multiple vulnerabilities (CVE-2010-{0287,0288,0289},CVE-2011-3727)
Summary: <www-apps/dokuwiki-20091225c Multiple vulnerabilities (CVE-2010-{0287,0288,02...
Status: RESOLVED FIXED
Alias: CVE-2010-0287
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2010-01-17 20:46 UTC by Marc Schiffbauer
Modified: 2013-01-09 00:54 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Marc Schiffbauer gentoo-dev 2010-01-17 20:46:56 UTC
Upstream bug:
http://bugs.splitbrain.org/index.php?do=details&task_id=1853

fixed in new version 20091225c
http://www.splitbrain.org/_media/projects/dokuwiki/dokuwiki-2009-12-25c.tgz

Reproducible: Always
Comment 1 Philippe Chaintreuil 2010-01-18 20:39:59 UTC
Hey Lance,

Thanks for fixing #299360; there's another security issue in it, so they've released a 20091225c version.  Since you were last to touch it, I figured I'd make sure you were in the loop.
Comment 2 Lance Albertson (RETIRED) gentoo-dev 2010-01-19 16:42:37 UTC
(In reply to comment #1)
> Hey Lance,
> 
> Thanks for fixing #299360; there's another security issue in it, so they've
> released a 20091225c version.  Since you were last to touch it, I figured I'd
> make sure you were in the loop.
> 

+*dokuwiki-20091225c (19 Jan 2010)
+
+  19 Jan 2010; Lance Albertson <ramereth@gentoo.org>
+  +dokuwiki-20091225c.ebuild:
+  Version bump requested in #301310 for cross-site request forgeries exploit
+  found in 20091225b
+

Thanks for reporting.
Comment 3 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-05 08:02:22 UTC
CVE-2010-0287 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0287):
  Directory traversal vulnerability in the ACL Manager plugin
  (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote
  attackers to list the contents of arbitrary directories via a .. (dot
  dot) in the ns parameter.

CVE-2010-0288 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0288):
  A typo in the administrator permission check in the ACL Manager
  plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows
  remote attackers to gain privileges and access closed wikis by
  editing current ACL statements, as demonstrated in the wild in
  January 2010.

CVE-2010-0289 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-0289):
  Multiple cross-site request forgery (CSRF) vulnerabilities in the ACL
  Manager plugin (plugins/acl/ajax.php) in DokuWiki before 2009-12-25c
  allow remote attackers to hijack the authentication of administrators
  for requests that modify access control rules, and other unspecified
  requests, via unknown vectors.

Comment 4 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-05 08:03:59 UTC
Lance, can we go stable with 20091225c?
Comment 5 Lance Albertson (RETIRED) gentoo-dev 2010-03-05 16:41:34 UTC
(In reply to comment #4)
> Lance, can we go stable with 20091225c?

Yes, we should. Go ahead or I can later today.
Comment 6 Alex Legler (RETIRED) archtester gentoo-dev Security 2010-03-05 17:37:04 UTC
Arches, please test and mark stable:
=www-apps/dokuwiki-20091225c
Target keywords : "amd64 ppc sparc x86"
Comment 7 Christian Faulhammer (RETIRED) gentoo-dev 2010-03-08 18:07:32 UTC
x86 stable
Comment 8 Markus Meier gentoo-dev 2010-03-08 19:45:41 UTC
amd64 stable
Comment 9 Joe Jezak (RETIRED) gentoo-dev 2010-03-09 21:58:56 UTC
Marked ppc stable.
Comment 10 Raúl Porcel (RETIRED) gentoo-dev 2010-03-14 19:23:45 UTC
sparc stable
Comment 11 Philippe Chaintreuil 2010-05-25 19:12:40 UTC
Any reason this can't be marked closed?
Comment 12 Stefan Behte (RETIRED) gentoo-dev Security 2010-08-01 12:20:16 UTC
Vote: YES.
Comment 13 Tobias Heinlein (RETIRED) gentoo-dev 2010-08-14 14:36:43 UTC
No GLSAs for webapps, closing.
Comment 14 Tobias Heinlein (RETIRED) gentoo-dev 2010-08-14 14:49:50 UTC
Oops, actually we don't do GLSAs for XSS in webapps only, reopening.
Comment 15 Tobias Heinlein (RETIRED) gentoo-dev 2010-08-14 14:50:26 UTC
This is worse than XSS, so YES, request filed.
Comment 16 Philippe Chaintreuil 2011-09-30 13:09:09 UTC
This is no longer in portage.  Can probably closed: Didn't fix.
Comment 17 GLSAMaker/CVETool Bot gentoo-dev 2011-10-08 12:48:11 UTC
CVE-2011-3727 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-3727):
  DokuWiki 2009-12-25c allows remote attackers to obtain sensitive information
  via a direct request to a .php file, which reveals the installation path in
  an error message, as demonstrated by lib/tpl/index.php and certain other
  files.
Comment 18 Lance Albertson (RETIRED) gentoo-dev 2012-05-13 08:19:16 UTC
(In reply to comment #16)
> This is no longer in portage.  Can probably closed: Didn't fix.

I concur, this can be closed.
Comment 19 GLSAMaker/CVETool Bot gentoo-dev 2013-01-09 00:54:38 UTC
This issue was resolved and addressed in
 GLSA 201301-07 at http://security.gentoo.org/glsa/glsa-201301-07.xml
by GLSA coordinator Stefan Behte (craig).