Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 409513 (CVE-2012-1578) - <www-apps/mediawiki-1.18.2 : Multiple Vulnerabilities (CVE-2012-{1578,1579,1580,1581,1582})
Summary: <www-apps/mediawiki-1.18.2 : Multiple Vulnerabilities (CVE-2012-{1578,1579,15...
Alias: CVE-2012-1578
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
Whiteboard: B3 [glsa]
Depends on:
Reported: 2012-03-24 09:36 UTC by Agostino Sarubbo
Modified: 2012-09-10 11:39 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Note You need to log in before you can comment on or make changes to this bug.
Description Agostino Sarubbo gentoo-dev 2012-03-24 09:36:11 UTC
From secunia advisory at $URL:

1) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the requests. This can be exploited to e.g. block or unblock a user by tricking a logged in administrator into visiting a malicious web site.

2) An error due to the application failing to restrict access to the user.tokens module can be exploited to disclose a user's CSRF tokens.

3) Certain unspecified input passed to the wikitext parser when creating a page is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed.

Note: This can further be exploited to cause an infinite loop and exhaust memory.

The vulnerabilities are reported in versions prior to 1.17.3 and 1.18.2.

Update to version 1.17.3 or 1.18.2.
Comment 1 Tim Harder gentoo-dev 2012-03-24 22:51:02 UTC
1.18.2 is already in the tree go ahead and stabilize it.
Comment 2 Tim Sammut (RETIRED) gentoo-dev 2012-03-25 14:50:35 UTC
Great, thanks.

Arches, please test and mark stable:
Target keywords : "amd64 ppc x86"
Comment 3 Agostino Sarubbo gentoo-dev 2012-03-25 16:21:09 UTC
amd64 stable
Comment 4 Paweł Hajdan, Jr. (RETIRED) gentoo-dev 2012-03-27 15:00:25 UTC
x86 stable
Comment 5 Brent Baude (RETIRED) gentoo-dev 2012-06-08 18:20:37 UTC
ppc done
Comment 6 Tim Sammut (RETIRED) gentoo-dev 2012-06-10 15:33:29 UTC
Thanks, folks. GLSA Vote: no.
Comment 7 Sean Amoss (RETIRED) gentoo-dev Security 2012-06-11 20:08:09 UTC
GLSA vote: no.

Closing noglsa.
Comment 8 Stefan Behte (RETIRED) gentoo-dev Security 2012-06-21 18:00:22 UTC
This was already added to pending GLSA request, so there will be a GLSA.
Comment 9 GLSAMaker/CVETool Bot gentoo-dev 2012-06-21 18:20:06 UTC
This issue was resolved and addressed in
 GLSA 201206-09 at
by GLSA coordinator Stefan Behte (craig).
Comment 10 GLSAMaker/CVETool Bot gentoo-dev 2012-09-10 11:39:20 UTC
CVE-2012-1582 (
  Cross-site scripting (XSS) vulnerability in the wikitext parser in MediaWiki
  1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote attackers to
  inject arbitrary web script or HTML via a crafted page with "forged strip
  item markers," as demonstrated using the CharInsert extension.

CVE-2012-1581 (
  MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 uses weak random
  numbers for password reset tokens, which makes it easier for remote
  attackers to change the passwords of arbitrary users.

CVE-2012-1580 (
  Cross-site request forgery (CSRF) vulnerability in Special:Upload in
  MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allows remote
  attackers to hijack the authentication of unspecified victims for requests
  that upload files.

CVE-2012-1579 (
  The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before
  1.18.2 includes private data such as CSRF tokens in a JavaScript file, which
  allows remote attackers to obtain sensitive information.

CVE-2012-1578 (
  Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki
  1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to
  hijack the authentication of users with the block permission for requests
  that (1) block a user via a request to the Block module or (2) unblock a
  user via a request to the Unblock module.