MoinMoin Group ACL Bypass

2004-05-04T05:28:58
ID OSVDB:6704
Type osvdb
Reporter Michael Castleman
Modified 2004-05-04T05:28:58

Description

Vulnerability Description

MoinMoin contains a flaw that may allow a malicious user to gain unauthorized privileges. The issue is triggered when an attacker creates a user with the same name as an administrative group. This flaw may lead to a loss of integrity.

Solution Description

Upgrade to version 1.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

References:

Vendor URL: http://freshmeat.net/projects/moin/
Vendor Specific Advisory URL
Secunia Advisory ID: 11807
Secunia Advisory ID: 12036
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200407-09.xml
ISS X-Force ID: 16465
CVE-2004-0708
Bugtraq ID: 10568