Gentoo Archives: gentoo-commits

From: "Raphael Marichez (falco)" <falco@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200709-10.xml
Date: Tue, 18 Sep 2007 21:35:45
Message-Id: E1IXkbu-0002kn-TN@stork.gentoo.org
1 falco 07/09/18 21:27:58
2
3 Added: glsa-200709-10.xml
4 Log:
5 GLSA 200709-10
6
7 Revision Changes Path
8 1.1 xml/htdocs/security/en/glsa/glsa-200709-10.xml
9
10 file : http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200709-10.xml?rev=1.1&view=markup
11 plain: http://sources.gentoo.org/viewcvs.py/gentoo/xml/htdocs/security/en/glsa/glsa-200709-10.xml?rev=1.1&content-type=text/plain
12
13 Index: glsa-200709-10.xml
14 ===================================================================
15 <?xml version="1.0" encoding="utf-8"?>
16 <?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
17 <?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>
18 <!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd">
19
20 <glsa id="200709-10">
21 <title>PhpWiki: Authentication bypass</title>
22 <synopsis>
23 A vulnerability has been discovered in PhpWiki authentication mechanism.
24 </synopsis>
25 <product type="ebuild">phpwiki</product>
26 <announced>September 18, 2007</announced>
27 <revised>September 18, 2007: 01</revised>
28 <bug>181692</bug>
29 <access>remote</access>
30 <affected>
31 <package name="www-apps/phpwiki" auto="yes" arch="*">
32 <unaffected range="ge">1.3.14</unaffected>
33 <vulnerable range="lt">1.3.14</vulnerable>
34 </package>
35 </affected>
36 <background>
37 <p>
38 PhpWiki is an application that creates a web site where anyone can edit
39 the pages through HTML forms.
40 </p>
41 </background>
42 <description>
43 <p>
44 The PhpWiki development team reported an authentication error within
45 the file lib/WikiUser/LDAP.php when binding to an LDAP server with an
46 empty password.
47 </p>
48 </description>
49 <impact type="low">
50 <p>
51 A remote attacker could provide an empty password when authenticating.
52 Depending on the LDAP implementation used, this could bypass the
53 PhpWiki authentication mechanism and grant the attacker access to the
54 application.
55 </p>
56 </impact>
57 <workaround>
58 <p>
59 There is no known workaround at this time.
60 </p>
61 </workaround>
62 <resolution>
63 <p>
64 All PhpWiki users should upgrade to the latest version:
65 </p>
66 <code>
67 # emerge --sync
68 # emerge --ask --oneshot --verbose &quot;&gt;=www-apps/phpwiki-1.3.14&quot;</code>
69 </resolution>
70 <references>
71 <uri link="http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-3193">CVE-2007-3193</uri>
72 </references>
73 <metadata tag="requester" timestamp="Tue, 04 Sep 2007 23:41:27 +0000">
74 aetius
75 </metadata>
76 <metadata tag="bugReady" timestamp="Sat, 08 Sep 2007 16:22:11 +0000">
77 p-y
78 </metadata>
79 <metadata tag="submitter" timestamp="Sat, 15 Sep 2007 20:54:32 +0000">
80 p-y
81 </metadata>
82 </glsa>
83
84
85
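Review bot: The <description> says only "an authentication error ... when binding to an LDAP server with an empty password" and never states what the error is; the reader has to infer from <impact> that a login with an empty password can be accepted. Suggest saying so directly in <description>, and making clear that the issue is in the LDAP authentication code (lib/WikiUser/LDAP.php). Two smaller points: the <synopsis> is missing an article ("in the PhpWiki authentication mechanism"), and <impact type="low"> sits beside text describing an authentication bypass that grants access to the application, so the rating is worth confirming. Since <impact> says the outcome depends on the LDAP implementation used, it would also help to check whether <workaround> really has nothing to offer for affected setups before publishing "no known workaround".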
86 --
87 gentoo-commits@g.o mailing list