Debian Bug report logs - #386604
DokuWiki: "TARGET_FN" Directory Traversal Vulnerability


Package: dokuwiki; Maintainer for dokuwiki is Tanguy Ortolo <tanguy+debian@ortolo.eu>; Source for dokuwiki is src:dokuwiki.

Reported by: Giuseppe Iuculano <giuseppe@iuculano.it>

Date: Fri, 8 Sep 2006 19:33:11 UTC

Severity: grave

Found in version dokuwiki/0.0.20060309-5

Done: Max Kellermann <max@duempel.org>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Matti Pöllä <mpo@iki.fi>: Bug#386604; Package dokuwiki.

Acknowledgement sent to Giuseppe Iuculano <giuseppe@iuculano.it>: New Bug report received and forwarded. Copy sent to Matti Pöllä <mpo@iki.fi>.

Message #5 received at submit@bugs.debian.org:

From: Giuseppe Iuculano <giuseppe@iuculano.it>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: DokuWiki: "TARGET_FN" Directory Traversal Vulnerability
Date: Fri, 08 Sep 2006 21:17:28 +0200
Package: dokuwiki
Version: 0.0.20060309-5
Severity: grave
Justification: user security hole


From: http://secunia.com/advisories/21819/

Description:
rgod has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "TARGET_FN" parameter in bin/dwpage.php is not properly sanitised before being used to copy files. This can be exploited via directory traversal attacks in combination with DokuWiki's file upload feature to execute arbitrary PHP code.

The vulnerability is confirmed in version 2006-03-09b. Other versions may also be affected.

Solution:
Update to version 2006-03-09c and enable support for .htaccess files.

Versions of packages dokuwiki depends on:
ii  apache2-mpm-prefork [http 2.0.54-5sarge1 traditional model for Apache2
ii  debconf [debconf-2.0]     1.4.30.13      Debian configuration management sy
ii  php4                      4:4.3.10-16    server-side, HTML-embedded scripti
ii  ucf                       1.17           Update Configuration File: preserv

-- debconf information excluded
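The bug class the advisory describes is a file-copy target path that is not confined to its intended directory. The following is an added defensive check, not DokuWiki's code and not part of this bug report; the data directory, web root and file names are constructed for the demonstration.

```python
import os
import shutil
import tempfile

def resolve_inside(base_dir: str, user_path: str) -> str:
    """Return the canonical absolute path for user_path under base_dir, or
    raise ValueError if it escapes base_dir via '..', an absolute path or a
    symlink. realpath() canonicalises, so the comparison is on real paths."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    # commonpath (not startswith) avoids the '/data' vs '/data2' prefix bug.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes {base}: {user_path!r}")
    return candidate

def safe_copy(base_dir: str, src_rel: str, dst_rel: str) -> str:
    """Copy one file to another, both confined to base_dir."""
    src = resolve_inside(base_dir, src_rel)
    dst = resolve_inside(base_dir, dst_rel)
    shutil.copyfile(src, dst)
    return dst

def demo() -> dict:
    """Constructed scenario: a pages directory holding one page, and a
    web-served 'lib' directory beside it that a traversal would write into.
    Returns which copies were allowed and which target paths were rejected."""
    root = tempfile.mkdtemp()
    pages = os.path.join(root, "data", "pages")
    os.makedirs(pages)
    os.makedirs(os.path.join(root, "lib"))
    with open(os.path.join(pages, "start.txt"), "w") as f:
        f.write("hello")
    results = {"copied": os.path.basename(safe_copy(pages, "start.txt", "copy.txt"))}
    # Hypothetical traversal targets: each resolves outside the pages directory.
    for bad in ("../../lib/evil.php", "/etc/passwd", "sub/../../../lib/x.php"):
        try:
            safe_copy(pages, "start.txt", bad)
            results[bad] = "allowed"
        except ValueError:
            results[bad] = "rejected"
    shutil.rmtree(root)
    return results
```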



Reply sent to Max Kellermann <max@duempel.org>: You have taken responsibility.

Notification sent to Giuseppe Iuculano <giuseppe@iuculano.it>: Bug acknowledged by developer.

Message #10 received at 386604-done@bugs.debian.org:

From: Max Kellermann <max@duempel.org>
To: 386604-done@bugs.debian.org
Subject: Package not affected
Date: Sat, 16 Sep 2006 18:10:05 +0200
The Debian package "dokuwiki" is not affected since "dwpage.php" is
not shipped in the binary package.

Besides that, the Secunia advisory SA21819 seems to be invalid,
because "dwpage.php" is a command line utility to be used locally by
the administrator, who already has full file level access to dokuwiki.
For that reason, it is NOT fixed in upstream 2006-03-09c.




Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Sun, 17 Jun 2007 11:16:04 GMT)



Debian bug tracking system administrator <owner@bugs.debian.org>. Last modified: Wed Apr 16 16:19:57 2014; Machine Name: beach.debian.org