Summary: | www-apps/moinmoin < 1.6.1 XSS issues (CVE-2008-{0780,0781,0782,1098,1099})) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Hanno Böck <hanno> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | major | ||
Priority: | High | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | http://secunia.com/advisories/29010/ | ||
Whiteboard: | C1 [glsa] | ||
Package list: | Runtime testing required: | --- |
Description
Hanno Böck
2008-02-06 13:24:58 UTC
http://hg.moinmo.in/moin/1.6/raw-file/1.6.1/docs/CHANGES shows " * Fix XSS issue in login action." 1.6.1 in webapps overlay (using distutils as it should in the first place now) in case someone needs it urgently. :) http://overlays.gentoo.org/svn/proj/webapps/migration/www-apps/moinmoin/ web-apps, please bump 1.6.1 into the tree. moinmoin-1.6.1 is in the tree. Targets: amd64 ppc sparc x86 @jakub: Thanks for the ebuild. Nice work! (In reply to comment #4) > moinmoin-1.6.1 is in the tree. > > Targets: > > amd64 ppc sparc x86 > > @jakub: > > Thanks for the ebuild. Nice work! > x86 stable ppc stable sparc stable amd64 stable Fixed in release snapshot. This one is ready for GLSA vote. I vote NO. I would raise the severity level on this bug, for CVE-2008-0782: Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via ".." sequences in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter. Anyway, YES. Removed vulnerable version. webapps done. voting NO too, and closing. Actually I missed rbu's comment. reverting my vote to YES, and request filed. Raising severity to C1 ie remote code execution with non standard config. Is that correct? (In reply to comment #16) > Raising severity to C1 ie remote code execution with non standard config. Is > that correct? ACK We should research this first, but I asusme this is fixes in the most recent update, too. Hanno, can you help here? CVE-2008-1098 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1098): Multiple cross-site scripting (XSS) vulnerabilities in MoinMoin 1.5.8 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) certain input processed by formatter/text_gedit.py (aka the gui editor formatter); (2) a page name, which triggers an injection in PageEditor.py when the page is successfully deleted by a victim in a DeletePage action; or (3) the destination page name for a RenamePage action, which triggers an injection in PageEditor.py when a victim's rename attempt fails because of a duplicate name. NOTE: the AttachFile XSS issue is already covered by CVE-2008-0781, and the login XSS issue is already covered by CVE-2008-0780. CVE-2008-1099 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2008-1099): _macro_Getval in wikimacro.py in MoinMoin 1.5.8 and earlier does not properly enforce ACLs, which allows remote attackers to read protected pages. GLSA 200803-27 |