Lucene search

K
saintSAINT CorporationSAINT:B5EFEC6198B748AE4A53EE12CE11032A
HistoryApr 06, 2006 - 12:00 a.m.

TWiki revision control shell command injection

2006-04-0600:00:00
SAINT Corporation
download.saintcorporation.com
13

EPSS

0.963

Percentile

99.6%

Added: 04/06/2006
CVE: CVE-2005-2877
BID: 14834
OSVDB: 19403

Background

TWiki is a web-based collaboration platform written in PERL.

Problem

The revision control function in TWiki does not sufficiently check the **rev** parameter before using it in a shell command call. This allows remote attackers to execute arbitrary commands using a **rev** parameter containing shell metacharacters.

Resolution

Apply the patch referenced in CIAC Bulletin P-307.

References

<http://archives.neohapsis.com/archives/bugtraq/2005-09/0154.html&gt;