diff options
author | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
---|---|---|
committer | V3n3RiX <venerix@redcorelinux.org> | 2017-10-09 18:53:29 +0100 |
commit | 4f2d7949f03e1c198bc888f2d05f421d35c57e21 (patch) | |
tree | ba5f07bf3f9d22d82e54a462313f5d244036c768 /metadata/glsa/glsa-200408-25.xml |
reinit the tree, so we can have metadata
Diffstat (limited to 'metadata/glsa/glsa-200408-25.xml')
-rw-r--r-- | metadata/glsa/glsa-200408-25.xml | 67 |
1 files changed, 67 insertions, 0 deletions
diff --git a/metadata/glsa/glsa-200408-25.xml b/metadata/glsa/glsa-200408-25.xml new file mode 100644 index 000000000000..7ae2be9854b8 --- /dev/null +++ b/metadata/glsa/glsa-200408-25.xml @@ -0,0 +1,67 @@ +<?xml version="1.0" encoding="utf-8"?> +<!DOCTYPE glsa SYSTEM "http://www.gentoo.org/dtd/glsa.dtd"> +<glsa id="200408-25"> + <title>MoinMoin: Group ACL bypass</title> + <synopsis> + MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access + Control Lists) and carry out operations that should be limited to + authorized users. + </synopsis> + <product type="ebuild">MoinMoin</product> + <announced>2004-08-26</announced> + <revised>2006-05-22: 02</revised> + <bug>57913</bug> + <access>remote</access> + <affected> + <package name="www-apps/moinmoin" auto="yes" arch="*"> + <unaffected range="ge">1.2.3</unaffected> + <vulnerable range="le">1.2.2</vulnerable> + </package> + </affected> + <background> + <p> + MoinMoin is a Python clone of WikiWiki, based on PikiPiki. + </p> + </background> + <description> + <p> + MoinMoin contains two unspecified bugs, one allowing anonymous users + elevated access when not using ACLs, and the other in the ACL handling + in the PageEditor. + </p> + </description> + <impact type="normal"> + <p> + Restrictions on anonymous users were not properly enforced. This could + lead to unauthorized users gaining administrative access to functions + such as "revert" and "delete". Sites are vulnerable whether or not they + are using ACLs. + </p> + </impact> + <workaround> + <p> + There is no known workaround. + </p> + </workaround> + <resolution> + <p> + All users should upgrade to the latest available version of MoinMoin, + as follows: + </p> + <code> + # emerge sync + + # emerge -pv ">=www-apps/moinmoin-1.2.3" + # emerge ">=www-apps/moinmoin-1.2.3"</code> + </resolution> + <references> + <uri link="https://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801">MoinMoin Announcement</uri> + <uri link="http://www.osvdb.org/displayvuln.php?osvdb_id=8194">OSVDB Advisory 8194</uri> + <uri link="http://www.osvdb.org/displayvuln.php?osvdb_id=8195">OSVDB Advisory 8195</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1462">CVE-2004-1462</uri> + <uri link="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-1463">CVE-2004-1463</uri> + </references> + <metadata tag="submitter" timestamp="2004-08-19T05:10:31Z"> + dmargoli + </metadata> +</glsa> |