Debian Bug report logs - #352077
spip: SQL injection vulnerability in SPIP Spip_acces_doc.PHP
Reported by: Micah Anderson <micah@debian.org>
Date: Thu, 9 Feb 2006 16:18:42 UTC
Severity: normal
Done: Martin Michlmayr <tbm@cyrius.com>
Bug is archived. No further changes may be made.
Report forwarded to debian-bugs-dist@lists.debian.org, Gaetan RYCKEBOER <gryckeboer@virtual-net.fr>: Bug#352077; Package spip.
Acknowledgement sent to Micah Anderson <micah@debian.org>: New Bug report received and forwarded. Copy sent to Gaetan RYCKEBOER <gryckeboer@virtual-net.fr>.
Message #5 received at submit@bugs.debian.org:
Package: spip
Severity: normal
http://www.securityfocus.com/bid/16551
SPIP is prone to an SQL-injection vulnerability. This issue is due to a
failure in the application to properly sanitize user-supplied input.
Successful exploitation can allow an attacker to bypass authentication,
modify data, or exploit vulnerabilities in the underlying database
implementation. Other attacks may also be possible.
There is a 0day exploit for the remote command execution issue
available:
http://retrogod.altervista.org/spip_182g_shell_inj_xpl.html
http://www.milw0rm.com/id.php?id=1482
http://www.securityfocus.com/bid/16556/exploit
The SQL injection can be triggered via a URL:
http://www.securityfocus.com/bid/16551/exploit
No fix is currently available for the security issues given above. I
recommend disallowing access to spip_rss.php and spip_acces_doc.php3.
-- System Information:
Debian Release: testing/unstable
APT prefers unstable
APT policy: (500, 'unstable'), (500, 'testing'), (500, 'stable')
Architecture: i386 (i686)
Shell: /bin/sh linked to /bin/bash
Kernel: Linux 2.6.15-1-686-smp
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1)
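The interim mitigation the reporter suggests (block the two affected scripts at the web server until a fixed package exists) can be expressed as an Apache httpd configuration fragment. This is an added example, not text from the bug report, the Debian package or the SPIP project; the install path /var/www/spip is an assumption, and the pattern also accepts the .php spelling of spip_acces_doc because the bug title and the report body disagree on the extension.

```apache
# Added example (not from the bug report or from SPIP): deny all requests to
# the two scripts named in the report, for every client, as a stopgap until a
# patched package is installed. Assumes SPIP lives under /var/www/spip.
<Directory "/var/www/spip">
    # Apache 2.4 syntax. On Apache 2.2 replace "Require all denied" with
    #   Order deny,allow
    #   Deny from all
    # The regex is anchored so only these file names match, not e.g.
    # a lookalike name with extra characters appended.
    <FilesMatch "^spip_(rss\.php|acces_doc\.php3?)$">
        Require all denied
    </FilesMatch>
</Directory>
```

After reloading, verify with `apachectl configtest` and then `curl -sI http://localhost/spip/spip_rss.php`, which should return `HTTP/1.1 403 Forbidden`; a 200 or a redirect means the block is not in effect (wrong Directory path, an .htaccess override, or a different vhost serving the files). Note this only removes the entry points named in the report; it is not a fix for the underlying input handling, so the package still needs to be updated or removed.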
Information forwarded to debian-bugs-dist@lists.debian.org, Gaetan RYCKEBOER <gryckeboer@virtual-net.fr>: Bug#352077; Package spip.
Acknowledgement sent to Micah Anderson <micah@debian.org>: Extra info received and forwarded to list. Copy sent to Gaetan RYCKEBOER <gryckeboer@virtual-net.fr>.
Message #10 received at 352077@bugs.debian.org:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
This issue has CVE id: CVE-2006-0626
Please reference this id in any changelogs affecting this issue, thanks.
Micah
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)
iD8DBQFD64Te9n4qXRzy1ioRAnE3AJ4iZzWx0Jya8+k7d4dGimB/TBMHbACfYyBx
cFEYPc2b1TmMZQo/D5zEc8M=
=vehr
-----END PGP SIGNATURE-----
Reply sent to Martin Michlmayr <tbm@cyrius.com>: You have taken responsibility.
Notification sent to Micah Anderson <micah@debian.org>: Bug acknowledged by developer.
Message #15 received at 352077-done@bugs.debian.org:
spip has been removed because it's buggy, has never been part of a
stable release, and has security issues; see #384385.
--
Martin Michlmayr
http://www.cyrius.com/
Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Mon, 18 Jun 2007 19:50:47 GMT)
Last modified: Wed Jun 19 16:47:18 2019