CENTER.HU groups

|

| site-map | e-mail

Archive

Nyomtatóbarát verzió Oldal küldése email-ben

Kapcsolódó linkek:

CAN-2004-1037
Original Source:

www.center.hu / Archive / Security news / january, 2005 / TWiki search string parsing vulnerability

TWiki search string parsing vulnerability

TWiki search string parsing vulnerability

Date Discovered: November 24, 2004
Date Published: January 9, 2005
Last Updated: January 9, 2005

Vulnerability ID: 31966
Discovered by: anonymous
Exploitable Locally: No
Exploitable Remotely: Yes
Impact: Remote attackers can execute arbitrary code.
Root Cause: Software Vulnerability

TWiki contains a vulnerability that can allow remote attackers to execute arbitrary commands. The vulnerability is due to improper filtering of search strings by the search function. Remote attackers can exploit this vulnerability using shell metacharacters and execute arbitrary code.

Recommendations

GLSA 200411-33
Upgrade to www-apps/twiki-20040902 or later from the vendor.

Vendor advisory:

GLSA 200411-33

Affected Technologies

Gentoo Technologies, Inc. : Gentoo Linux 1.4
Gentoo Technologies, Inc. : Gentoo Linux 1.4 rc1
Gentoo Technologies, Inc. : Gentoo Linux 1.4 rc2
Gentoo Technologies, Inc. : Gentoo Linux 1.4 rc3

References

Mitre CVE: CAN-2004-1037

More information on CA Virus Information Center:
http://www3.ca.com/securityadvisor/vulninfo/vuln.aspx?id=31966

Computer Associates – the Trusted Source of Security Knowledge

2005-01-10 09:22

Back

IT News:

Microsoft revamps Bing to include interactive social sidebar
The three-column interface also includes a ´snapshot´ for more direct interaction with products and places.
2012-05-13 15:36
Adobe Creative Cloud Now Available
Two New Touch Apps for iOS and Adobe Muse Also Shipping
2012-05-13 10:49
Acer G6 series - Super-slim design, inspiring performance
2012-05-12 12:28
Come Explore the VIA Smart Ecosystem at Computex 2012
2012-05-12 12:22
HP tries to beat ultrabook pricing with thin-and-light Sleekbooks
2012-05-11 18:01
MasterCard´s PayPass Wallet will span online, mobile, in-store shopping
2012-05-11 17:45
Google infringed Java copyrights in Android, jury finds
2012-05-11 17:44
After false alarm, no verdict Friday in Oracle Google
2012-05-09 16:34
Lenovo building industrial center to develop tablets, smartphones
2012-05-09 16:33
Facebook´s valuation for IPO will be lower than initially expected
2012-05-06 13:30

Copyright © CENTER.HU Ltd, 2000-2010. All rights reserved

sitemap | privacy policy |

copyrights | new pages |

terms of purchase | contact us

Member of IVSZ
Member of SZEK
Acer Affinity Gold partner
Dell Registered Partner

OKI System Shinrai Partner
XEROX Viszonteladó
APC megbízható szállító
EATON Authorized Partner
Cisco partner

Symantec Software Partner
ESET Partner
FUJITSU partner
LENOVO Premium Partner
IBM Business Partner

PARTNERS: Computerworld.hu | GameStar.hu | PCWorld.hu | SG.hu | PC Guru | Hitel