Security

  • TikiWiki: Arbitrary command execution through XML-RPC


    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Gentoo Linux Security Advisory GLSA 200507-06
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    http://security.gentoo.org/
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Severity: High
    Title: TikiWiki: Arbitrary command execution through XML-RPC
    Date: July 06, 2005
    Bugs: #97648
    ID: 200507-06
    - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
    Synopsis
    TikiWiki includes PHP XML-RPC code, making it vulnerable to arbitrary
    command execution.
    Background
    TikiWiki is a web-based groupware and content management system (CMS),
    using PHP, ADOdb and Smarty. TikiWiki includes vulnerable PHP XML-RPC
    code.
    Affected packages
    Package               /  Vulnerable  /  Unaffected
    1  www-apps/tikiwiki     < 1.8.5-r1      >= 1.8.5-r1
    Description
    TikiWiki is vulnerable to arbitrary command execution as described in
    GLSA 200507-01.
    Impact
    A remote attacker could exploit this vulnerability to execute arbitrary
    PHP code by sending specially crafted XML data.
    Workaround
    There is no known workaround at this time.
    Resolution
    All TikiWiki users should upgrade to the latest version:
    # emerge --sync
    # emerge ">=www-apps/tikiwiki-1.8.5-r1"
    References
    [ 1 ] GLSA 200507-01
    [ 2 ] CAN-2005-1921
    Availability
    This GLSA and any updates to it are available for viewing at
    the Gentoo Security Website:
    Concerns?
    Security is a primary focus of Gentoo Linux and ensuring the
    confidentiality and security of our users' machines is of utmost
    importance to us. Any security concerns should be addressed to
    security (AT) gentoo (DOT) org or alternatively, you may file a bug at
    http://bugs.gentoo.org.
    License
    Copyright 2005 Gentoo Foundation, Inc; referenced text
    belongs to its owner(s).
    The contents of this document are licensed under the
    Creative Commons - Attribution / Share Alike license.
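
A check for the version boundary in "Affected packages" above, as an added example that is not part of the advisory or of Gentoo's tooling. It assumes dotted-numeric versions with an optional -rN revision and reads the installed-package directories Portage keeps under /var/db/pkg; the function names and the sample database are constructed for illustration.

```shell
#!/bin/sh
# Added example; not part of GLSA 200507-06.
FIXED="1.8.5-r1"   # first unaffected version, from "Affected packages"

# ver_lt A B: succeed when A sorts strictly before B.
# Assumption: dotted-numeric versions with an optional -rN revision only
# (no _alpha/_rc/_p or letter suffixes), which is enough for this boundary.
ver_lt() {
    a_base=${1%-r[0-9]*}; b_base=${2%-r[0-9]*}
    a_rev=0; b_rev=0
    case $1 in *-r[0-9]*) a_rev=${1##*-r} ;; esac
    case $2 in *-r[0-9]*) b_rev=${2##*-r} ;; esac
    while [ -n "$a_base" ] || [ -n "$b_base" ]; do
        a_n=${a_base%%.*}; b_n=${b_base%%.*}
        if [ "${a_n:-0}" -lt "${b_n:-0}" ]; then return 0; fi
        if [ "${a_n:-0}" -gt "${b_n:-0}" ]; then return 1; fi
        # Drop the component just compared; empty when none remain.
        case $a_base in *.*) a_base=${a_base#*.} ;; *) a_base= ;; esac
        case $b_base in *.*) b_base=${b_base#*.} ;; *) b_base= ;; esac
    done
    [ "$a_rev" -lt "$b_rev" ]   # equal base versions: revision decides
}

# vulnerable_installs [PKGDB]: print installed tikiwiki versions below FIXED.
# Portage records each installed package as <name>-<version>/ under
# /var/db/pkg/<category>/.
vulnerable_installs() {
    pkgdb=${1:-/var/db/pkg}
    for d in "$pkgdb"/www-apps/tikiwiki-[0-9]*; do
        [ -d "$d" ] || continue
        v=${d##*/tikiwiki-}
        if ver_lt "$v" "$FIXED"; then echo "$v"; fi
    done
}

# Constructed sample package database, not a real system.
demo=$(mktemp -d)
mkdir -p "$demo/www-apps/tikiwiki-1.8.5" "$demo/www-apps/tikiwiki-1.8.5-r1"
vulnerable_installs "$demo"   # prints 1.8.5
rm -rf "$demo"
```

Called with no argument, `vulnerable_installs` reads /var/db/pkg on the host; any version it prints is below the fixed release and needs the upgrade in "Resolution".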