Gentoo Archives: gentoo-commits

From: "Raphael Marichez (falco)" <falco@g.o>
To: gentoo-commits@l.g.o
Subject: [gentoo-commits] gentoo commit in xml/htdocs/security/en/glsa: glsa-200709-10.xml
Date: Tue, 18 Sep 2007 21:35:45
falco       07/09/18 21:27:58

  Added:                glsa-200709-10.xml
  GLSA 200709-10

Revision  Changes    Path
1.1                  xml/htdocs/security/en/glsa/glsa-200709-10.xml

file :

Index: glsa-200709-10.xml
<?xml version="1.0" encoding="utf-8"?>
<?xml-stylesheet href="/xsl/glsa.xsl" type="text/xsl"?>
<?xml-stylesheet href="/xsl/guide.xsl" type="text/xsl"?>

<glsa id="200709-10">
  <title>PhpWiki: Authentication bypass</title>
    A vulnerability has been discovered in PhpWiki authentication mechanism.
  <product type="ebuild">phpwiki</product>
  <announced>September 18, 2007</announced>
  <revised>September 18, 2007: 01</revised>
    <package name="www-apps/phpwiki" auto="yes" arch="*">
      <unaffected range="ge">1.3.14</unaffected>
      <vulnerable range="lt">1.3.14</vulnerable>
    PhpWiki is an application that creates a web site where anyone can edit
    the pages through HTML forms.
    The PhpWiki development team reported an authentication error within
    the file lib/WikiUser/LDAP.php when binding to an LDAP server with an
    empty password.
  <impact type="low">
    A remote attacker could provide an empty password when authenticating.
    Depending on the LDAP implementation used, this could bypass the
    PhpWiki authentication mechanism and grant the attacker access to the
    There is no known workaround at this time.
    All PhpWiki users should upgrade to the latest version:
    # emerge --sync
    # emerge --ask --oneshot --verbose &quot;&gt;=www-apps/phpwiki-1.3.14&quot;</code>
    <uri link="">CVE-2007-3193</uri>
  <metadata tag="requester" timestamp="Tue, 04 Sep 2007 23:41:27 +0000">
  <metadata tag="bugReady" timestamp="Sat, 08 Sep 2007 16:22:11 +0000">
  <metadata tag="submitter" timestamp="Sat, 15 Sep 2007 20:54:32 +0000">

gentoo-commits@g.o mailing list