MoinMoin: Multiple vulnerabilities

MoinMoin: Multiple vulnerabilities Several vulnerabilities have been reported in MoinMoin Wiki Engine. moinmoin 2008-03-18 2008-03-18 209133 remote 1.6.1 1.6.1

MoinMoin is an advanced, easy to use and extensible Wiki Engine.

Multiple vulnerabilities have been discovered:

A vulnerability exists in the file wikimacro.py because the _macro_Getval function does not properly enforce ACLs (CVE-2008-1099).
A directory traversal vulnerability exists in the userform action (CVE-2008-0782).
A Cross-Site Scripting vulnerability exists in the login action (CVE-2008-0780).
Multiple Cross-Site Scripting vulnerabilities exist in the file action/AttachFile.py when using the message, pagename, and target filenames (CVE-2008-0781).
Multiple Cross-Site Scripting vulnerabilities exist in formatter/text_gedit.py (aka the gui editor formatter) which can be exploited via a page name or destination page name, which trigger an injection in the file PageEditor.py (CVE-2008-1098).

These vulnerabilities can be exploited to allow remote attackers to inject arbitrary web script or HTML, overwrite arbitrary files, or read protected pages.

There is no known workaround at this time.

All MoinMoin users should upgrade to the latest version:


    # emerge --sync
    # emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.6.1"

CVE-2008-0780 CVE-2008-0781 CVE-2008-0782 CVE-2008-1098 CVE-2008-1099 p-y p-y mfleming