ikiwiki -- improper symlink verification vulnerability

2007-11-26T00:00:00
ID 31D9FBB4-9D09-11DC-A29D-0016D325A0ED
Type freebsd
Reporter FreeBSD
Modified 2007-11-26T00:00:00

Description

The ikiwiki development team reports:

Ikiwiki did not check if path to the srcdir to contained a symlink. If an attacker had commit access to the directories in the path, they could change it to a symlink, causing ikiwiki to read and publish files that were not intended to be published. (But not write to them due to other checks.)