ID DSA-3059 Type debian Reporter Debian Modified 2014-10-29T00:00:00
Description
Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.
For the stable distribution (wheezy), these problems have been fixed in version 0.0.20120125b-2+deb7u1.
For the unstable distribution (sid), these problems have been fixed in version 0.0.20140929.a-1.
We recommend that you upgrade your dokuwiki packages.
{"description": "Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.\n\nFor the stable distribution (wheezy), these problems have been fixed in version 0.0.20120125b-2+deb7u1.\n\nFor the unstable distribution (sid), these problems have been fixed in version 0.0.20140929.a-1.\n\nWe recommend that you upgrade your dokuwiki packages.", "id": "DSA-3059", "title": "dokuwiki -- security update", "viewCount": 0, "objectVersion": "1.2", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "cvelist": ["CVE-2014-8764", "CVE-2014-8762", "CVE-2014-8761", "CVE-2014-8763"], "bulletinFamily": "unix", "published": "2014-10-29T00:00:00", "href": "http://www.debian.org/security/dsa-3059", "hash": "2a92f36e0328301b4992820b382107b2d5c55b586cf92e2cd360fc778430dcf3", "history": [], "edition": 1, "reporter": "Debian", "references": [], "lastseen": "2016-09-02T18:26:39", "modified": "2014-10-29T00:00:00", "enchantments": {"vulnersScore": 7.5}, "type": "debian", "affectedPackage": [{"arch": "all", "packageFilename": "dokuwiki_0.0.20120125b-2+deb7u1_all.deb", "OSVersion": "7", "packageName": "dokuwiki", "operator": "lt", "packageVersion": "0.0.20120125b-2+deb7u1", "OS": "Debian GNU/Linux"}]}
{"result": {"cve": [{"id": "CVE-2014-8764", "type": "cve", "title": "CVE-2014-8764", "description": "DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\\0) character, which triggers an anonymous bind.", "published": "2014-10-22T10:55:08", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8764", "cvelist": ["CVE-2014-8764"], "lastseen": "2016-09-03T21:31:59"}, {"id": "CVE-2014-8762", "type": "cve", "title": "CVE-2014-8762", "description": "The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.", "published": "2014-10-22T10:55:08", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8762", "cvelist": ["CVE-2014-8762"], "lastseen": "2016-09-03T21:31:58"}, {"id": "CVE-2014-8761", "type": "cve", "title": "CVE-2014-8761", "description": "inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call.", "published": "2014-10-22T10:55:08", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:NONE/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8761", "cvelist": ["CVE-2014-8761"], "lastseen": "2016-09-03T21:31:56"}, {"id": "CVE-2014-8763", "type": "cve", "title": "CVE-2014-8763", "description": "DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind.", "published": "2014-10-22T10:55:08", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2014-8763", "cvelist": ["CVE-2014-8763"], "lastseen": "2016-09-03T21:31:58"}], "nessus": [{"id": "DEBIAN_DLA-79.NASL", "type": "nessus", "title": "Debian DLA-79-1 : dokuwiki security update", "description": "This fixes a possibility of bypassing the wiki authentication when an Active Directory is used for LDAP authentication. These two CVE are almost the same, one apparently being a superset of the other. They are fixed together.\n\nCVE-2014-8763\n\nDokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind.\n\nCVE-2014-8764\n\nDokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\\0) character, which triggers an anonymous bind.\n\n-- ,--.\n\n\\_\n\nNOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.", "published": "2015-03-26T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82224", "cvelist": ["CVE-2014-8764", "CVE-2014-8763"], "lastseen": "2017-10-29T13:43:33"}, {"id": "DEBIAN_DSA-3059.NASL", "type": "nessus", "title": "Debian DSA-3059-1 : dokuwiki - security update", "description": "Two vulnerabilities have been discovered in dokuwiki. Access control in the media manager was insufficiently restricted and authentication could be bypassed when using Active Directory for LDAP authentication.", "published": "2014-10-30T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=78725", "cvelist": ["CVE-2014-8764", "CVE-2014-8762", "CVE-2014-8761", "CVE-2014-8763"], "lastseen": "2017-10-29T13:38:39"}, {"id": "MANDRIVA_MDVSA-2015-185.NASL", "type": "nessus", "title": "Mandriva Linux Security Advisory : dokuwiki (MDVSA-2015:185)", "description": "Updated dokuwiki packages fix security vulnerabilities :\n\ninc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call (CVE-2014-8761).\n\nThe ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter (CVE-2014-8762).\n\nDokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\\0) character and a valid user name, which triggers an unauthenticated bind (CVE-2014-8763).\n\nDokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\\0) character, which triggers an anonymous bind (CVE-2014-8764).\n\ndokuwiki-2014-09-29a allows swf (application/x-shockwave-flash) uploads by default. This may be used for Cross-site scripting (XSS) attack which enables attackers to inject client-side script into Web pages viewed by other users. (CVE-2014-9253).\n\nThe dokuwiki-2014-09-29b hotfix source disables swf uploads by default and fixes the CVE-2014-9253 issue.\n\nDokuWiki before 20140929c has a security issue in the ACL plugins remote API component. The plugin failed to check for superuser permissions before executing ACL addition or deletion. This means everybody with permissions to call the XMLRPC API also had permissions to set up their own ACL rules and thus circumventing any existing rules (CVE-2015-2172).\n\nDokuWiki before 20140929d is vulnerable to a cross-site scripting (XSS) issue in the user manager. The user's details were not properly escaped in the user manager's edit form. This allows a registered user to edit her own name (using the change profile option) to include malicious JavaScript code. The code is executed when a super user tries to edit the user via the user manager.", "published": "2015-04-01T00:00:00", "cvss": {"score": 6.5, "vector": "AV:NETWORK/AC:LOW/Au:SINGLE_INSTANCE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.tenable.com/plugins/index.php?view=single&id=82485", "cvelist": ["CVE-2015-2172", "CVE-2014-8764", "CVE-2014-8762", "CVE-2014-8761", "CVE-2014-8763", "CVE-2014-9253"], "lastseen": "2017-10-29T13:35:52"}], "openvas": [{"id": "OPENVAS:703059", "type": "openvas", "title": "Debian Security Advisory DSA 3059-1 (dokuwiki - security update)", "description": "Two vulnerabilities have been discovered in dokuwiki. Access control in\nthe media manager was insufficiently restricted and authentication could\nbe bypassed when using Active Directory for LDAP authentication.", "published": "2014-10-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=703059", "cvelist": ["CVE-2014-8764", "CVE-2014-8762", "CVE-2014-8761", "CVE-2014-8763"], "lastseen": "2017-07-27T10:48:22"}, {"id": "OPENVAS:1361412562310703059", "type": "openvas", "title": "Debian Security Advisory DSA 3059-1 (dokuwiki - security update)", "description": "Two vulnerabilities have been discovered in dokuwiki. Access control in\nthe media manager was insufficiently restricted and authentication could\nbe bypassed when using Active Directory for LDAP authentication.", "published": "2014-10-29T00:00:00", "cvss": {"score": 5.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310703059", "cvelist": ["CVE-2014-8764", "CVE-2014-8762", "CVE-2014-8761", "CVE-2014-8763"], "lastseen": "2018-04-06T11:10:30"}]}}
