Search...

Gentoo Security Advisory GLSA 200704-08 (dokuwiki)

2008-09-24T00:00:00

ID OPENVAS:58214
Type openvas
Reporter Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
Modified 2017-07-07T00:00:00

Description

The remote host is missing updates announced in advisory GLSA 200704-08.

                                        
                                            # OpenVAS Vulnerability Test
# $
# Description: Auto generated from Gentoo's XML based advisory
#
# Authors:
# Thomas Reinke &lt;reinke@securityspace.com&gt;
#
# Copyright:
# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisories, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#

include("revisions-lib.inc");
tag_insight = "DokuWiki is vulnerable to a cross-site scripting attack.";
tag_solution = "All DokuWiki users should upgrade to the latest version:

    # emerge --sync
    # emerge --ask --oneshot --verbose '&gt;=www-apps/dokuwiki-20061106'

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200704-08
http://bugs.gentoo.org/show_bug.cgi?id=163781";
tag_summary = "The remote host is missing updates announced in
advisory GLSA 200704-08.";

                                                                                

if(description)
{
 script_id(58214);
 script_version("$Revision: 6596 $");
 script_tag(name:"last_modification", value:"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $");
 script_tag(name:"creation_date", value:"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)");
 script_cve_id("CVE-2006-6965");
 script_tag(name:"cvss_base", value:"4.3");
 script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:N/I:P/A:N");
 script_name("Gentoo Security Advisory GLSA 200704-08 (dokuwiki)");



 script_category(ACT_GATHER_INFO);

 script_copyright("Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com");
 script_family("Gentoo Local Security Checks");
 script_dependencies("gather-package-list.nasl");
 script_mandatory_keys("ssh/login/gentoo", "ssh/login/pkg");
 script_tag(name : "insight" , value : tag_insight);
 script_tag(name : "solution" , value : tag_solution);
 script_tag(name : "summary" , value : tag_summary);
 script_tag(name:"qod_type", value:"package");
 script_tag(name:"solution_type", value:"VendorFix");
 exit(0);
}

#
# The script code starts here
#

include("pkg-lib-gentoo.inc");

res = "";
report = "";
if ((res = ispkgvuln(pkg:"www-apps/dokuwiki", unaffected: make_list("ge 20061106"), vulnerable: make_list("lt 20061106"))) != NULL) {
    report += res;
}

if (report != "") {
    security_message(data:report);
} else if (__pkg_match) {
    exit(99); # Not vulnerable.
}

JSON Vulners Source

Initial Source

{"id": "OPENVAS:58214", "type": "openvas", "bulletinFamily": "scanner", "title": "Gentoo Security Advisory GLSA 200704-08 (dokuwiki)", "description": "The remote host is missing updates announced in\nadvisory GLSA 200704-08.", "published": "2008-09-24T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 4.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:NONE/I:PARTIAL/A:NONE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=58214", "reporter": "Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2006-6965"], "lastseen": "2017-07-24T12:49:41", "viewCount": 2, "enchantments": {"score": {"value": 6.0, "vector": "NONE"}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2006-6965"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2006-6965"]}, {"type": "gentoo", "idList": ["GLSA-200704-08"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200704-08.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:6594"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2006-6965"]}], "rev": 4}, "backreferences": {"references": [{"type": "cve", "idList": ["CVE-2006-6965"]}, {"type": "debiancve", "idList": ["DEBIANCVE:CVE-2006-6965"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200704-08.NASL"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:6594"]}, {"type": "ubuntucve", "idList": ["UB:CVE-2006-6965"]}]}, "exploitation": null, "vulnersScore": 6.0}, "pluginID": "58214", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"DokuWiki is vulnerable to a cross-site scripting attack.\";\ntag_solution = \"All DokuWiki users should upgrade to the latest version:\n\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/dokuwiki-20061106'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200704-08\nhttp://bugs.gentoo.org/show_bug.cgi?id=163781\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200704-08.\";\n\n \n\nif(description)\n{\n script_id(58214);\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_cve_id(\"CVE-2006-6965\");\n script_tag(name:\"cvss_base\", value:\"4.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n script_name(\"Gentoo Security Advisory GLSA 200704-08 (dokuwiki)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"www-apps/dokuwiki\", unaffected: make_list(\"ge 20061106\"), vulnerable: make_list(\"lt 20061106\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Gentoo Local Security Checks", "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1646671513}}

{"gentoo": [{"lastseen": "2022-01-17T19:16:47", "description": "### Background\n\nDokuWiki is a simple to use wiki aimed at creating documentation. \n\n### Description\n\nDokuWiki does not sanitize user input to the GET variable 'media' in the fetch.php file. \n\n### Impact\n\nAn attacker could entice a user to click a specially crafted link and inject CRLF characters into the variable. This would allow the creation of new lines or fields in the returned HTTP Response header, which would permit the attacker to execute arbitrary scripts in the context of the user's browser. \n\n### Workaround\n\nReplace the following line in lib/exe/fetch.php: \n\n`$MEDIA = getID('media',false); // no cleaning - maybe external`\n\nwith \n\n`$MEDIA = preg_replace('/[\\x00-\\x1F]+/s','',getID('media',false));`\n\n### Resolution\n\nAll DokuWiki users should upgrade to the latest version: \n \n \n # emerge --sync\n # emerge --ask --oneshot --verbose \">=www-apps/dokuwiki-20061106\"", "cvss3": {}, "published": "2007-04-12T00:00:00", "type": "gentoo", "title": "DokuWiki: Cross-site scripting vulnerability", "bulletinFamily": "unix", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6965"], "modified": "2007-04-12T00:00:00", "id": "GLSA-200704-08", "href": "https://security.gentoo.org/glsa/200704-08", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "nessus": [{"lastseen": "2021-08-19T13:14:05", "description": "The remote host is affected by the vulnerability described in GLSA-200704-08 (DokuWiki: XSS vulnerability)\n\n DokuWiki does not sanitize user input to the GET variable 'media' in the fetch.php file.\n Impact :\n\n An attacker could entice a user to click a specially crafted link and inject CRLF characters into the variable. This would allow the creation of new lines or fields in the returned HTTP Response header, which would permit the attacker to execute arbitrary scripts in the context of the user's browser.", "cvss3": {"score": null, "vector": null}, "published": "2007-04-19T00:00:00", "type": "nessus", "title": "GLSA-200704-08 : DokuWiki: XSS vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2006-6965"], "modified": "2021-01-06T00:00:00", "cpe": ["p-cpe:/a:gentoo:linux:dokuwiki", "cpe:/o:gentoo:linux"], "id": "GENTOO_GLSA-200704-08.NASL", "href": "https://www.tenable.com/plugins/nessus/25053", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200704-08.\n#\n# The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(25053);\n script_version(\"1.16\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2006-6965\");\n script_xref(name:\"GLSA\", value:\"200704-08\");\n\n script_name(english:\"GLSA-200704-08 : DokuWiki: XSS vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200704-08\n(DokuWiki: XSS vulnerability)\n\n DokuWiki does not sanitize user input to the GET variable 'media' in\n the fetch.php file.\n \nImpact :\n\n An attacker could entice a user to click a specially crafted link and\n inject CRLF characters into the variable. This would allow the creation\n of new lines or fields in the returned HTTP Response header, which\n would permit the attacker to execute arbitrary scripts in the context\n of the user's browser.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200704-08\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All DokuWiki users should upgrade to the latest version:\n # emerge --sync\n # emerge --ask --oneshot --verbose '>=www-apps/dokuwiki-20061106'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:dokuwiki\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2007/04/12\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2007/04/19\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2007/01/25\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2007-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/dokuwiki\", unaffected:make_list(\"ge 20061106\"), vulnerable:make_list(\"lt 20061106\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());\n else security_warning(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"DokuWiki\");\n}\n", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "debiancve": [{"lastseen": "2022-03-21T07:33:09", "description": "CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.", "cvss3": {}, "published": "2007-01-29T17:28:00", "type": "debiancve", "title": "CVE-2006-6965", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6965"], "modified": "2007-01-29T17:28:00", "id": "DEBIANCVE:CVE-2006-6965", "href": "https://security-tracker.debian.org/tracker/CVE-2006-6965", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "ubuntucve": [{"lastseen": "2021-07-31T02:23:32", "description": "CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e,\nand possibly earlier, allows remote attackers to inject arbitrary HTTP\nheaders and conduct HTTP response splitting attacks via CRLF sequences in\nthe media parameter. NOTE: this issue can be leveraged for XSS attacks.", "cvss3": {}, "published": "2007-01-29T00:00:00", "type": "ubuntucve", "title": "CVE-2006-6965", "bulletinFamily": "info", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6965"], "modified": "2007-01-29T00:00:00", "id": "UB:CVE-2006-6965", "href": "https://ubuntu.com/security/CVE-2006-6965", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}}], "cve": [{"lastseen": "2022-03-23T17:37:37", "description": "CRLF injection vulnerability in lib/exe/fetch.php in DokuWiki 2006-03-09e, and possibly earlier, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in the media parameter. NOTE: this issue can be leveraged for XSS attacks.", "cvss3": {}, "published": "2007-01-29T17:28:00", "type": "cve", "title": "CVE-2006-6965", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "MEDIUM", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "NONE", "availabilityImpact": "NONE", "integrityImpact": "PARTIAL", "baseScore": 4.3, "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 2.9, "obtainUserPrivilege": false}, "cvelist": ["CVE-2006-6965"], "modified": "2017-07-29T01:29:00", "cpe": ["cpe:/a:andreas_gohr:dokuwiki:release_2006-03-09e", "cpe:/a:andreas_gohr:dokuwiki:release_2006-03-09"], "id": "CVE-2006-6965", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-6965", "cvss": {"score": 4.3, "vector": "AV:N/AC:M/Au:N/C:N/I:P/A:N"}, "cpe23": ["cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-09e:*:*:*:*:*:*:*", "cpe:2.3:a:andreas_gohr:dokuwiki:release_2006-03-09:*:*:*:*:*:*:*"]}], "securityvulns": [{"lastseen": "2021-06-08T18:45:29", "description": "PHP inclusions, SQL injections, directory traversals, crossite scripting, information leaks, etc.", "edition": 2, "cvss3": {}, "published": "2006-09-08T00:00:00", "title": "Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)", "type": "securityvulns", "bulletinFamily": "software", "cvss2": {}, "cvelist": ["CVE-2007-0704", "CVE-2006-4649", "CVE-2006-6965", "CVE-2006-7006", "CVE-2006-4669", "CVE-2006-4648", "CVE-2007-0145"], "modified": "2006-09-08T00:00:00", "id": "SECURITYVULNS:VULN:6594", "href": "https://vulners.com/securityvulns/SECURITYVULNS:VULN:6594", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}