GLSA 200609-10: DokuWiki: Arbitrary command execution
| Severity: | high |
| Title: | DokuWiki: Arbitrary command execution |
| Date: | 09/14/2006 |
| Bugs: | |
| ID: | 200609-10 |
Synopsis
Vulnerabilities in some accessory scripts of DokuWiki allow remote code execution.Background
DokuWiki is a wiki targeted at developer teams, workgroups and small companies. It does not use a database backend.
Affected packages
| Package | Vulnerable | Unaffected | Architecture(s) |
|---|---|---|---|
| www-apps/dokuwiki | < 20060309d | >= 20060309d | All supported architectures |
Description
"rgod" discovered that DokuWiki doesn't sanitize the X-FORWARDED-FOR HTTP header, allowing the injection of arbitrary contents - such as PHP commands - into a file. Additionally, the accessory scripts installed in the "bin" DokuWiki directory are vulnerable to directory traversal attacks, allowing to copy and execute the previously injected code.
Impact
A remote attacker may execute arbitrary PHP (and thus probably system) commands with the permissions of the user running the process serving DokuWiki pages.
Workaround
Disable remote access to the "bin" subdirectory of the DokuWiki installation. Remove the directory if you don't use the scripts in there.
Resolution
All DokuWiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20060309d"
References
Availability
This GLSA and any updates to it are available for viewing at the Gentoo Security Website:
Concerns?
Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.
License
Copyright 2010 Gentoo Foundation, Inc; referenced text belongs to its owner(s). The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.