SecurityTracker.com
Keep Track of the Latest Vulnerabilities
with SecurityTracker!
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 
Sign Up
Sign Up for Your FREE Weekly SecurityTracker E-mail Alert Summary
Instant Alerts
Buy our Premium Vulnerability Notification Service to receive customized, instant alerts
Affiliates
Put SecurityTracker Vulnerability Alerts on Your Web Site -- It's Free!
Partners
Become a Partner and License Our Database or Notification Service
Report a Bug
Report a vulnerability that you have found to SecurityTracker
bugs
@
securitytracker.com





Category:   Application (Forum/Board/Portal)  >   TWiki Vendors:   TWiki.org
(Conectiva Issues Fix) TWiki Input Validation Hole in Search Function Lets Remote Users Execute Shell Commands
SecurityTracker Alert ID:  1012896
SecurityTracker URL:  http://securitytracker.com/id/1012896
CVE Reference:   CAN-2004-1037   (Links to External Site)
Date:  Jan 14 2005
Impact:   Execution of arbitrary code via network, User access via network
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 20040901 and prior versions
Description:   A vulnerability was reported in TWiki. A remote user can execute shell commands on the target system.

Hans Ulrich Niedermann reported that the search function does not validate user-supplied input before executing a command line entry based on the input. A remote user can supply a specially crafted search string to execute arbitrary commands on the target system.

A demonstration exploit search string is provided:

doesnotexist1'; (uname -a; id) | sed 's/\(.*\)/__BEGIN__\1__END__.txt/'; fgrep -i -l -- 'doesnotexist2

The vendor was notified on November 12, 2004.
Impact:   A remote user can execute arbitrary shell commands on the target system with the privileges of the target web service.
Solution:   Conectiva has released a fix.

ftp://atualizacoes.conectiva.com.br/10/SRPMS/twiki-20040507beta-61534U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/twiki-20040507beta-61534U10_1cl.i386.rpm
Vendor URL:  twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch (Links to External Site)
Cause:   Input validation error
Underlying OS:   Linux (Conectiva)

Message History:   This archive entry is a follow-up to the message listed below.
Nov 13 2004 TWiki Input Validation Hole in Search Function Lets Remote Users Execute Shell Commands


 Source Message Contents
Date:  Fri, 14 Jan 2005 10:51:18 -0200
Subject:  [Conectiva-updates] [CLA-2005:918] Conectiva Security Announcement


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
CONECTIVA LINUX SECURITY ANNOUNCEMENT 
- --------------------------------------------------------------------------

PACKAGE   : twiki
SUMMARY   : Fix for twiki remote vulnerability
DATE      : 2005-01-14 10:51:00
ID        : CLA-2005:918
RELEVANT
RELEASES  : 10

- -------------------------------------------------------------------------

DESCRIPTION
 TWiki[1] is a flexible, powerful, and easy to use enterprise
 collaboration platform.
 
 A vulnerability in twiki was found where a remote attacker could
 exploit it to run arbitrary shell commands on the server. For further
 information on this vulnerability, please, refer to the authors'
 announcement[2].


SOLUTION
 It is recommended that all twiki users upgrade their packages.
 
 
 REFERENCES
 1.http://www.twiki.org/
 2.http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch


UPDATED PACKAGES
ftp://atualizacoes.conectiva.com.br/10/SRPMS/twiki-20040507beta-61534U10_1cl.src.rpm
ftp://atualizacoes.conectiva.com.br/10/RPMS/twiki-20040507beta-61534U10_1cl.i386.rpm


ADDITIONAL INSTRUCTIONS
 The apt tool can be used to perform RPM packages upgrades:

 - run:                 apt-get update
 - after that, execute: apt-get upgrade

 Detailed instructions regarding the use of apt and upgrade examples 
 can be found at http://distro.conectiva.com.br/atualizacoes/#apt?idioma=en

- -------------------------------------------------------------------------
All packages are signed with Conectiva's GPG key. The key and instructions
on how to import it can be found at 
http://distro.conectiva.com.br/seguranca/chave/?idioma=en
Instructions on how to check the signatures of the RPM packages can be
found at http://distro.conectiva.com.br/seguranca/politica/?idioma=en

- -------------------------------------------------------------------------
All our advisories and generic update instructions can be viewed at
http://distro.conectiva.com.br/atualizacoes/?idioma=en

- -------------------------------------------------------------------------
Copyright (c) 2004 Conectiva Inc.
http://www.conectiva.com

- -------------------------------------------------------------------------
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQFB58BF42jd0JmAcZARAhHtAJwKjcPAW688XNjjeRV3uy2eDxtasQCgwcVH
f0WgyxuLOqpy/6GPCspKHv0=
=0n9i
-----END PGP SIGNATURE-----

______________________________________________________________________
subscribe: conectiva-updates-subscribe@papaleguas.conectiva.com.br
unsubscribe: conectiva-updates-unsubscribe@papaleguas.conectiva.com.br


Go to the Top of This SecurityTracker Archive Page



Home   |    View Topics   |    Search   |    Contact Us

Copyright 2012, SecurityGlobal.net LLC