dokuwiki: CVE-2006-2878: remote arbitrary code execution

Related Vulnerabilities: CVE-2006-2878  

Debian Bug report logs - #370369

Reported by: Hilko Bengen <bengen@hilluzination.de>

Date: Sun, 4 Jun 2006 20:48:16 UTC

Severity: critical

Fixed in version 0.0.20060309-4

Done: Matti Pöllä <mpo@iki.fi>

Bug is archived. No further changes may be made.



Report forwarded to debian-bugs-dist@lists.debian.org, Hilko Bengen <bengen@debian.org>, Matti Pöllä <mpo@iki.fi>:
Bug#370369; Package dokuwiki.


Acknowledgement sent to Hilko Bengen <bengen@hilluzination.de>:
New Bug report received and forwarded. Copy sent to Hilko Bengen <bengen@debian.org>, Matti Pöllä <mpo@iki.fi>.


Message #5 received at submit@bugs.debian.org:

From: Hilko Bengen <bengen@hilluzination.de>
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: dokuwiki: Security flaw in dokuwiki
Date: Sun, 04 Jun 2006 22:35:35 +0200
Package: dokuwiki
Severity: critical

I just got this notice via freshmeat. Arbitrary code execution,
remotely exploitable. No assigned CVE number, yet.

Cheers,
-Hilko

-------------------- Start of forwarded message --------------------
From: <noreply@freshmeat.net>
To: <noreply@freshmeat.net>
Subject: [fmII] Serious security flaw in DokuWiki
Message-Id: <20060604183538.2D03648197@mail.freshmeat.net>
Date: Sun,  4 Jun 2006 11:35:38 -0700 (PDT)

This is an email sent to you by the owners of the freshmeat.net project
record for DokuWiki. All URLs and other useful information can be found
at

    http://freshmeat.net/projects/dokuwiki/

________________________| Subscriber message |_________________________

Sent by: Andreas Gohr 
         http://freshmeat.net/~agohr/

Hello everybody!

Bad news: Stefan Esser from the Hardened-PHP project found a security
problem in DokuWiki's spellchecking backend which allows insertion of
arbitrary PHP code. This is a serious flaw and you should fix this
immediately.

Users who don't use the spellchecking feature can fix the bug by simply
deleting the lib/exe/spellcheck.php file.

Detailed information on how to fix the problem properly is available at
http://bugs.splitbrain.org/?do=details&id=823

The package available for download at
http://www.splitbrain.org/go/dokuwiki was fixed for this bug and another
minor XSS bug described at http://bugs.splitbrain.org/?do=details&id=820

Regards,
Andi 
__________________________| End of message |___________________________

[...]

-------------------- End of forwarded message --------------------



Tags added: pending Request was from Matti Pöllä <mpo@iki.fi> to control@bugs.debian.org.


Information forwarded to debian-bugs-dist@lists.debian.org:
Bug#370369; Package dokuwiki.


Acknowledgement sent to Matti Pöllä <mpo@iki.fi>:
Extra info received and forwarded to list.


Message #12 received at 370369@bugs.debian.org:

From: Matti Pöllä <mpo@iki.fi>
To: 370369@bugs.debian.org, 370785@bugs.debian.org
Subject: Fixes for 370369 and 370785 available
Date: Sun, 11 Jun 2006 01:08:31 +0300
Both of the recent security bugs have now been fixed in
dokuwiki_0.0.20060309-4 which will be uploaded (by a sponsor) soon. In
the meantime, the packages are available at

http://users.tkk.fi/~mpolla/debian/

cheers,

-Matti

Changed Bug title. Request was from Alec Berryman <alec@thened.net> to control@bugs.debian.org.


Reply sent to Matti Pöllä <mpo@iki.fi>:
You have taken responsibility.


Notification sent to Hilko Bengen <bengen@hilluzination.de>:
Bug acknowledged by developer.


Message #19 received at 370369-done@bugs.debian.org:

From: Matti Pöllä <mpo@iki.fi>
To: 370369-done@bugs.debian.org
Subject: done
Date: Fri, 16 Jun 2006 12:30:00 +0300
Version: 0.0.20060309-4



Bug archived. Request was from Debbugs Internal Request <owner@bugs.debian.org> to internal_control@bugs.debian.org. (Tue, 26 Jun 2007 09:52:50 GMT)

