Your message dated Sat, 16 Sep 2006 18:10:05 +0200
with message-id <[EMAIL PROTECTED]>
and subject line Package not affected
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---
Package: dokuwiki
Version: 0.0.20060309-5
Severity: grave
Justification: user security hole
From: http://secunia.com/advisories/21819/

Description:
rgod has discovered a vulnerability in DokuWiki, which can be exploited by 
malicious people to compromise a vulnerable system.

Input passed to the "TARGET_FN" parameter in bin/dwpage.php is not properly 
sanitised before being used to copy files. This can be exploited via directory 
traversal attacks in combination with DokuWiki's file upload feature to execute 
arbitrary PHP code.

The vulnerability is confirmed in version 2006-03-09b. Other versions may also 
be affected.

Solution:
Update to version 2006-03-09c and enable support for .htaccess files.
Versions of packages dokuwiki depends on:
ii  apache2-mpm-prefork [http 2.0.54-5sarge1 traditional model for Apache2
ii  debconf [debconf-2.0]     1.4.30.13      Debian configuration management sy
ii  php4                      4:4.3.10-16    server-side, HTML-embedded scripti
ii  ucf                       1.17           Update Configuration File: preserv

-- debconf information excluded


--- End Message ---
--- Begin Message ---
The Debian package "dokuwiki" is not affected since "dwpage.php" is
not shipped in the binary package.

Besides that, the Secunia advisory SA21819 seems to be invalid,
because "dwpage.php" is a command line utility to be used locally by
the administrator, who already has full file level access to dokuwiki.
For that reason, it is NOT fixed in upstream 2006-03-09c.


--- End Message ---
