|
|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200407-09] MoinMoin: Group ACL bypass Vulnerability Scan
Vulnerability Scan Summary
MoinMoin: Group ACL bypass
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200407-09
(MoinMoin: Group ACL bypass)
MoinMoin contains a bug in the code handling administrative group ACLs. A
user created with the same name as an administrative group gains the
rights of the administrative group.
Impact
If an administrative group called AdminGroup existed a possible hacker could
create a user called AdminGroup and gain the rights of the group
AdminGroup. This could lead to unauthorized users gaining administrative
access.
Workaround
For every administrative group with special rights create a user with
the same name as the group.
References:
http://sourceforge.net/tracker/index.php?func=detail&aid=948103&group_id=8482&atid=108482
http://www.osvdb.org/6704
Solution:
All users should upgrade to the latest available version of MoinMoin, as
follows:
# emerge sync
# emerge -pv ">=net-ww/moinmoin-1.2.2"
# emerge ">=net-ww/moinmoin-1.2.2"
Threat Level: Medium
Click HERE for more information and discussions on this network vulnerability scan.
|
