OpenPKG Corporation

OpenPKG Security Advisory

OpenPKG-SA-2007.009

Publisher Name:          OpenPKG GmbH
Publisher Home:          http://openpkg.com/

Advisory Id (public):    OpenPKG-SA-2007.009
Advisory Type:           OpenPKG Security Advisory (SA)
Advisory Directory:      http://openpkg.com/go/OpenPKG-SA
Advisory Document:       http://openpkg.com/go/OpenPKG-SA-2007.009
Advisory Published:      2008-10-06 23:07 UTC

Issue Id (internal):     OpenPKG-SI-20070211.01
Issue First Created:     2007-02-11
Issue Last Modified:     2007-02-11
Issue Revision:          03


Subject Name:            twiki
Subject Summary:         Wiki
Subject Home:            http://twiki.org/
Subject Versions:        * <= 4.1.0

Vulnerability Id:        CVE-2007-0669
Vulnerability Scope:     global (not OpenPKG specific)

Attack Feasibility:      run-time
Attack Vector:           local system
Attack Impact:           arbitrary code execution

Description:
    According to a vendor security advisory [0], a vulnerability
    exists in the SessionPlugin extension of the Wiki engine TWiki [1],
    version up to and including 4.1.0. The vulnerability allows local
    users to cause TWiki to execute arbitrary Perl code with the
    privileges of the web server process by creating CGI session files
    on the local filesystem.

References:
    [0] http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2007-0669
    [1] http://twiki.org/

Primary Package Name:    twiki
Primary Package Home:    http://openpkg.org/go/package/twiki

Affected Distribution:   Affected Branch:         Affected Package:
OpenPKG Community        2-STABLE-20061018        twiki-20041030-2.20061018
OpenPKG Community        2-STABLE                 twiki-20041030-2.20061018
OpenPKG Community        CURRENT                  twiki-4.1.0-20070117

Corrected Distribution:  Corrected Branch:        Corrected Package:
OpenPKG Community        2-STABLE-20061018        twiki-4.1.1-2.20070211
OpenPKG Community        2-STABLE                 twiki-4.1.1-2.20070211
OpenPKG Community        CURRENT                  twiki-4.1.1-20070502
