Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 149266 - www-apps/dokuwiki: shell injection and a DOS vulnerability (CVE-2006-5098 CVE-2006-5099)
Summary: www-apps/dokuwiki: shell injection and a DOS vulnerability (CVE-2006-5098 CVE...
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: High normal (vote)
Assignee: Gentoo Security
Whiteboard: B1 [glsa] vorlon
Depends on:
Reported: 2006-09-27 00:36 UTC by Matthias Geerdsen (RETIRED)
Modified: 2006-12-13 12:38 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Matthias Geerdsen (RETIRED) gentoo-dev 2006-09-27 00:36:21 UTC
from the dokuwiki ml:

Another two vulnerabilities have been discovered in DokuWiki. Both are
mostly harmful for users of ImageMagick's convert utility only, but
should be quickly fixed by everyone.

The first one is a possible denial of service vulnerability caused by
allowing images being resized unlimited. When libGD is used (default)
the needed RAM is calculated before and the function aborts if not
enough RAM for the PHP process is available (typically 8 to 32MB).
However if ImageMagick ($conf['imconvert']) is used, no such limit
exists, allowing an attacker to potentially consume a lot of system

More info and how to fix this is available at

While examining this problem I discovered another, more serious one.
The input parameters for width and height are not sanitized properly,
which can be used by an attacker to introduce arbitrary shell commands
into the imagemagick commandline. I was not able exploit this with the
default libGD option but all users should apply the fix as soon as
possible anyway.

More info and how to fix this is available at

Both problems are fixed in the new hotfixed tarball available at
Comment 1 Lance Albertson (RETIRED) gentoo-dev 2006-09-27 06:30:03 UTC
Committed dokuwiki-20060309e into cvs. I don't have a good place to test this since I'm in the middle of moving, so can someone please test the app once you install it? Thanks.
Comment 2 Matthias Geerdsen (RETIRED) gentoo-dev 2006-09-27 07:04:07 UTC
rating B1, it appears not to be vulnerable by default though (not using imagemagick by default)

x86, pls test and mark stable if possible
Comment 3 Raphael Marichez (Falco) (RETIRED) gentoo-dev 2006-09-27 14:24:10 UTC
and i'd have rated C1 since dokuwiki is not a widely-deployed package... but nevermind
Comment 4 Wolf Giesen (RETIRED) gentoo-dev 2006-09-27 22:50:46 UTC
> rating B1, it appears not to be vulnerable by default though (not using
> imagemagick by default)

Yup, default is GD.
Comment 5 Christian Faulhammer (RETIRED) gentoo-dev 2006-09-27 23:17:09 UTC
1) emerges fine
2) passes collision test
3) seems to work
Portage 2.1.1 (default-linux/x86/2006.1/desktop, gcc-4.1.1, glibc-2.4-r3, 2.6.17-gentoo-r8 i686)
System uname: 2.6.17-gentoo-r8 i686 AMD Athlon(tm) XP 2500+
Gentoo Base System version 1.12.5
Last Sync: Thu, 28 Sep 2006 05:20:01 +0000
app-admin/eselect-compiler: [Not Present]
dev-java/java-config: 1.2.11-r1
dev-lang/python:     2.4.3-r4
dev-python/pycrypto: 2.0.1-r5
dev-util/ccache:     [Not Present]
dev-util/confcache:  [Not Present]
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.59-r7
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2
sys-devel/binutils:  2.16.1-r3
sys-devel/gcc-config: 1.3.13-r3
sys-devel/libtool:   1.5.22
virtual/os-headers:  2.6.17-r1
CONFIG_PROTECT="/etc /usr/kde/3.5/env /usr/kde/3.5/share/config /usr/kde/3.5/shutdown /usr/share/X11/xkb /usr/share/config /usr/share/texmf/dvipdfm/config/ /usr/share/texmf/dvips/config/ /usr/share/texmf/tex/generic/config/ /usr/share/texmf/tex/platex/config/ /usr/share/texmf/xdvi/"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/revdep-rebuild /etc/splash /etc/terminfo"
FEATURES="autoconfig ccache collision-protect distlocks metadata-transfer parallel-fetch sandbox sfperms strict test"
PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude='/distfiles' --exclude='/local' --exclude='/packages'"
USE="x86 3dnow 3dnowext X Xaw3d a52 alsa artworkextra asf audiofile bash-completion beagle berkdb bidi bitmap-fonts bootsplash branding bzip2 cairo cdda cddb cdparanoia cdr cli cracklib crypt css cups curl custom-cflags dbus dga directfb divx4linux dlloader dri dts dvd dvdr dvdread dvi eds elibc_glibc emacs emboss encode esd evo exif expat fam fat fbcon ffmpeg firefox fortran ftp gb gcj gdbm gif gnome gpm gstreamer gtk gtk2 gtkhtml hal icq idn imagemagick imap input_devices_keyboard input_devices_mouse ipv6 isdnlog java javascript jikes jpeg jpeg2k kde kernel_linux ldap leim libg++ linguas_de lm_sensors mad maildir matroska mbox mhash mikmod mime mmx mmxext mng mono mp3 mpeg mpeg2 mule nautilus ncurses nforce2 nls nocardbus nptl nptlonly nsplugin nvidia objc ogg opengl pam pcre pdf perl plotutils pmu png ppds pppd preview-latex print python qt3 qt4 quicktime readline reflection reiserfs samba sdk session slang spell spl sse ssl svg svga t1lib tcltk tcpd tetex theora thunderbird tiff truetype truetype-fonts type1-fonts udev usb userland_GNU vcd video_cards_fbdev video_cards_radeon video_cards_vesa videos vorbis win32codecs wmf wxwindows xine xml xorg xosd xv xvid zlib"
Comment 6 Chris Gianelloni (RETIRED) gentoo-dev 2006-09-28 06:54:02 UTC
x86 done
Comment 7 Matthias Geerdsen (RETIRED) gentoo-dev 2006-09-28 12:45:19 UTC
GLSA 200609-20

thanks everyone
Comment 8 Matthias Geerdsen (RETIRED) gentoo-dev 2006-12-13 12:38:42 UTC
adding CVE entries, sorry for the spam