Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Sat, 29 Dec 2012 15:11:21 +0100
From: Tilmann Haak <tilmann@...pwiki.de>
To: oss-security@...ts.openwall.com
Subject: CVE request: MoinMoin Wiki (remote code execution vulnerability)

Hi all,

there is a remote code execution vulnerability in MoinMoin wiki,
versions 1.9.x up to (and including) 1.9.5. The method save in class
AnyWikiDraw (action/anywikidraw.py) and class TWikiDraw
(action/twikidraw.py) do not filter user supplied input correctly, which
leads to a path traversal vulnerability, which can be exploited to
execute arbitrary code with moin's privileges. An exploit was seen in 
the wild.

Details can be found at: http://moinmo.in/SecurityFixes

A fix is available at: http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f

Could someone please assign a CVE number?

kind regards,
   Tilmann

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.