GLSA
Advocate
Joined: 12 May 2004
Posts: 2663
|
 Posted: Sun May 11, 2008 2:26 pm Post subject: [ GLSA 200805-09 ] MoinMoin: Privilege escalation |
 |
|
Gentoo Linux Security Advisory
Title: MoinMoin: Privilege escalation (GLSA 200805-09)
Severity: normal
Exploitable: remote
Date: May 11, 2008
Bug(s): #218752
ID: 200805-09
Synopsis
A vulnerability in MoinMoin may allow a remote attacker to elevate his
privileges.
Background
MoinMoin is an advanced and extensible Wiki Engine.
Affected Packages
Package: www-apps/moinmoin
Vulnerable: < 1.6.3
Unaffected: >= 1.6.3
Architectures: All supported architectures
Description
It has been reported that the user form processing in the file
userform.py does not properly manage users when using Access Control
Lists or a non-empty superusers list.
Impact
A remote attacker could exploit this vulnerability to gain superuser
privileges on the application.
Workaround
There is no known workaround at this time.
Resolution
All MoinMoin users should upgrade to the latest version:
| Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.6.3" |
References
CVE-2008-1937
Last edited by GLSA on Sat May 31, 2014 4:26 am; edited 2 times in total |
|
News & Announcements
