Gentoo Archives: gentoo-announce

From: Raphael Marichez <falco@g.o>
To: gentoo-announce@g.o
Cc: bugtraq@×××××××××××××.com, full-disclosure@××××××××××××××.uk, security-alerts@×××××××××××××.com
Subject: [gentoo-announce] [ GLSA 200801-10 ] TikiWiki: Multiple vulnerabilities
Date: Thu, 24 Jan 2008 00:17:49
Message-Id: 20080123234838.GF827@falco.falcal.net
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 200801-10
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
http://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Severity: Low
Title: TikiWiki: Multiple vulnerabilities
Date: January 23, 2008
Bugs: #203265
ID: 200801-10

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Synopsis
========

Multiple vulnerabilities have been discovered in TikiWiki, some of them
having unknown impact.

Background
==========

TikiWiki is an open source content management system written in PHP.

Affected packages
=================

    -------------------------------------------------------------------
     Package              /  Vulnerable  /                   Unaffected
    -------------------------------------------------------------------
  1  www-apps/tikiwiki         < 1.9.9                        >= 1.9.9

Description
===========

* Jesus Olmos Gonzalez from isecauditors reported insufficient
  sanitization of the "movies" parameter in file tiki-listmovies.php
  (CVE-2007-6528).

* Mesut Timur from H-Labs discovered that the input passed to the
  "area_name" parameter in file tiki-special_chars.php is not properly
  sanitized before being returned to the user (CVE-2007-6526).

* redflo reported multiple unspecified vulnerabilities in files
  tiki-edit_css.php, tiki-list_games.php, and
  tiki-g-admin_shared_source.php (CVE-2007-6529).

Impact
======

A remote attacker can craft the "movies" parameter to run a directory
traversal attack through a ".." sequence and read the first 1000 bytes
of any arbitrary file, or conduct a cross-site scripting (XSS) attack
through the "area_name" parameter. The XSS can be exploited to
execute arbitrary HTML and script code in a user's browser session,
allowing for the theft of browser session data or cookies in the
context of the affected web site. The impacts of the unspecified
vulnerabilities are still unknown.

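The two bug classes named above (a request parameter used directly in a file path, and a request parameter echoed back into HTML) are shown below beside their hardened forms. This is an added illustration written for this page, not TikiWiki's own code: the handler names, the `movies` storage directory and the sample files are all hypothetical, constructed only to exercise the checks.

```php
<?php
// Added example, not TikiWiki code. Two hypothetical handlers that
// reproduce the bug classes from GLSA 200801-10, each beside a fixed form.

const MOVIES_DIR = __DIR__ . '/movies';   // assumed storage directory
const MAX_BYTES  = 1000;                  // the advisory's 1000-byte read

// --- CVE-2007-6528 pattern: the "movies" value lands directly in a path ---
function read_movie_unsafe(string $movies): ?string
{
    // Nothing checks where the path resolves, so a ".." sequence in
    // $movies escapes MOVIES_DIR. Only the first MAX_BYTES are returned.
    $data = @file_get_contents(MOVIES_DIR . '/' . $movies, false, null, 0, MAX_BYTES);
    return $data === false ? null : $data;
}

function read_movie_safe(string $movies): ?string
{
    // basename() drops any directory part, realpath() collapses ".." and
    // symlinks; the prefix test then rejects anything outside MOVIES_DIR.
    $base = realpath(MOVIES_DIR);
    $path = realpath(MOVIES_DIR . '/' . basename($movies));
    if ($base === false || $path === false
        || strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;   // traversal or missing file: refuse rather than read
    }
    $data = @file_get_contents($path, false, null, 0, MAX_BYTES);
    return $data === false ? null : $data;
}

// --- CVE-2007-6526 pattern: the "area_name" value is echoed into the page ---
function render_area_unsafe(string $area_name): string
{
    // Raw interpolation: markup in the parameter becomes live HTML.
    return "<h2>Special characters for $area_name</h2>";
}

function render_area_safe(string $area_name): string
{
    // Encode for the HTML text context so the value is displayed, not parsed.
    $safe = htmlspecialchars($area_name, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    return "<h2>Special characters for $safe</h2>";
}

// Constructed demonstration (throwaway files, not real traffic).
if (!is_dir(MOVIES_DIR)) {
    mkdir(MOVIES_DIR);
}
file_put_contents(MOVIES_DIR . '/intro.txt', str_repeat('x', 1500));
file_put_contents(__DIR__ . '/outside.txt', 'must not be readable via the handler');

$ok = read_movie_safe('intro.txt');            // in-tree file: truncated to MAX_BYTES
$traversal = read_movie_safe('../outside.txt'); // ".." sequence: rejected, null
echo 'in-tree bytes: ', $ok === null ? 'null' : strlen($ok), "\n";
echo 'traversal result: ', var_export($traversal, true), "\n";
echo render_area_safe('<b onmouseover="x">area</b>'), "\n";
```

Run it with `php` from any writable directory: the in-tree read returns exactly 1000 bytes, the `../outside.txt` request returns `NULL` from `read_movie_safe()` (whereas `read_movie_unsafe()` would have returned the file's contents), and the rendered heading shows the tag characters literally as `&lt;b onmouseover=&quot;x&quot;&gt;...`. The prefix comparison uses `$base . DIRECTORY_SEPARATOR` rather than `$base` alone so that a sibling directory such as `movies2` cannot pass the check.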
Workaround
==========

There is no known workaround at this time.

Resolution
==========

All TikiWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/tikiwiki-1.9.9"

References
==========

[ 1 ] CVE-2007-6526
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6526
[ 2 ] CVE-2007-6528
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6528
[ 3 ] CVE-2007-6529
      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6529

Availability
============

This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200801-10.xml

Concerns?
=========

Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@g.o or alternatively, you may file a bug at
http://bugs.gentoo.org.

License
=======

Copyright 2008 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).

The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.

http://creativecommons.org/licenses/by-sa/2.5