Bug#499534: twiki: Remote code execution vulnerability.


Bug#499534: twiki: Remote code execution vulnerability.

by Brad Krane


Package: twiki
Version: 1:4.0.5-9.1
Severity: grave
Tags: security
Justification: user security hole


TWiki command execution vulnerability found in current version. US-CERT Vulnerability Note:
http://www.kb.cert.org/vuls/id/362012 and TWiki Security Alert:
http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195


-- System Information:
Debian Release: 4.0
  APT prefers oldstable
  APT policy: (500, 'oldstable'), (500, 'stable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.18-6-686
Locale: LANG=en_CA, LC_CTYPE=en_CA (charmap=ISO-8859-1)

Versions of packages twiki depends on:
ii  apache-common           1.3.34-4.1+etch1 support files for all Apache webse
ii  debconf [debconf-2.0]   1.5.11etch2      Debian configuration management sy
ii  libalgorithm-diff-perl  1.19.01-2        a perl library for finding Longest
ii  libcgi-session-perl     4.14-1           Persistent session data in CGI app
ii  libdigest-sha1-perl     2.11-1           NIST SHA-1 message digest algorith
ii  liberror-perl           0.15-8           Perl module for error/exception ha
ii  libhtml-parser-perl     3.55-1           A collection of modules that parse
ii  liblocale-maketext-lexi 0.62-1           Lexicon-handling backends for "Loc
ii  libtext-diff-perl       0.35-2           Perform diffs on files and record
ii  liburi-perl             1.35-2           Manipulates and accesses URI strin
ii  perl [libmime-base64-pe 5.8.8-7etch3     Larry Wall's Practical Extraction
ii  perl-modules [libnet-pe 5.8.8-7etch3     Core Perl modules
ii  rcs                     5.7-18           The GNU Revision Control System

twiki recommends no packages.

-- debconf information excluded



--
To UNSUBSCRIBE, email to debian-bugs-rc-REQUEST@...
with a subject of "unsubscribe". Trouble? Contact listmaster@...


Bug#499534: twiki: Remote code execution vulnerability.

by Nico Golde


severity 499534 important
thanks

Hi Brad,
* Brad Krane <bjkrane@...> [2008-09-19 19:18]:
> TWiki command execution vulnerability found in current version. US-CERT Vulnerability Note:
> http://www.kb.cert.org/vuls/id/362012 and TWiki Security Alert:
> http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2008-3195

Downgrading as the access to this script is limited to
localhost on Debian.

Cheers
Nico
--
Nico Golde - http://www.ngolde.de - nion@... - GPG: 0x73647CFF
For security reasons, all text in this mail is double-rot13 encrypted.


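The reply above rests on one fact: on Debian the vulnerable script is only reachable from localhost. The advisory referenced in the report (CVE-2008-3195) concerns TWiki's configure script, and the report lists Apache 1.3, whose access control is mod_access "Order/Deny/Allow". The following is an added example, not code from the bug report, the twiki package or TWiki itself: it evaluates those directives for a given client address so you can confirm that a restriction of this shape really admits loopback only. The `<Files configure>` block, both fragments, the `configure` file name and the TEST-NET outside address are assumptions constructed for illustration, not copied from the Debian package.

```python
"""Check whether an Apache 1.3-style access block keeps TWiki's configure
script reachable from loopback only.

Added example, not code from the bug report, the twiki package or TWiki
itself.  It assumes the Debian restriction the reply refers to takes the form
of a <Files configure> block using mod_access "Order/Deny/Allow" directives
(the syntax of the Apache 1.3 listed in the report; Apache 2.4 uses Require
instead).  Both config fragments below are constructed for illustration."""
import ipaddress
import re

# Constructed: the restrictive form, loopback only.
HARDENED_CONF = """
<Files configure>
    Order Deny,Allow
    Deny from all
    Allow from 127.0.0.1 ::1
</Files>
"""

# Constructed: the weak form, configure reachable from any client.
WEAK_CONF = """
<Files configure>
    Order Allow,Deny
    Allow from all
</Files>
"""


def parse_files_block(conf, name="configure"):
    """Return the directives of <Files NAME>...</Files> as (name, args) pairs,
    or None when the config has no such block (i.e. no restriction at all)."""
    pattern = r'<Files\s+"?%s"?\s*>(.*?)</Files>' % re.escape(name)
    match = re.search(pattern, conf, re.S | re.I)
    if not match:
        return None
    directives = []
    for line in match.group(1).splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split()
        directives.append((parts[0].lower(), parts[1:]))
    return directives


def _matches(entry, ip):
    """One Allow/Deny 'from' entry: 'all', a bare address, or a CIDR/netmask
    network.  Host names (e.g. 'localhost') are not resolved and never match,
    so a config that relies on them needs the literal loopback addresses too."""
    if entry == "all":
        return True
    try:
        return ip in ipaddress.ip_network(entry, strict=False)
    except ValueError:
        return False


def effective_access(directives, client_ip):
    """Evaluate mod_access Order semantics for one client address."""
    ip = ipaddress.ip_address(client_ip)
    order = "deny,allow"          # mod_access default when Order is absent
    allowed = denied = False
    for name, args in directives:
        if name == "order":
            order = "".join(args).lower()
        elif name in ("allow", "deny") and [a.lower() for a in args[:1]] == ["from"]:
            hit = any(_matches(entry.lower(), ip) for entry in args[1:])
            if name == "allow":
                allowed = allowed or hit
            else:
                denied = denied or hit
    if order == "deny,allow":
        # default allow; a Deny match blocks unless an Allow match overrides it
        return allowed or not denied
    # Allow,Deny (and Mutual-failure): default deny; needs an Allow match and
    # no Deny match
    return allowed and not denied


def configure_is_loopback_only(conf, outside_ip="203.0.113.5"):
    """True only if loopback is admitted and a non-loopback client (TEST-NET
    address, constructed) is refused.  A missing block counts as reachable."""
    directives = parse_files_block(conf)
    if directives is None:
        return False
    return (effective_access(directives, "127.0.0.1")
            and not effective_access(directives, outside_ip))


if __name__ == "__main__":
    for label, conf in (("hardened", HARDENED_CONF), ("weak", WEAK_CONF)):
        print(label, "loopback-only:", configure_is_loopback_only(conf))
```

The check only reads the configuration; it says nothing about the path a request takes to Apache. If a reverse proxy on the same host forwards to it, every client arrives as 127.0.0.1 and an address-based restriction like this one no longer separates local administrators from the internet, which is the caveat to weigh before treating such a downgrade as applying to your own deployment.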

Processed: Re: Bug#499534: twiki: Remote code execution vulnerability.

by Debian Bug Tracking System


Processing commands for control@...:

> severity 499534 important
Bug#499534: twiki: Remote code execution vulnerability.
Severity set to `important' from `grave'

> thanks
Stopping processing here.

Please contact me if you need assistance.

Debian bug tracking system administrator
(administrator, Debian Bugs database)

