|
Family: Gentoo Local Security Checks --> Category: infos
[GLSA-200609-20] DokuWiki: Shell command injection and Denial of Service Vulnerability Scan
Vulnerability Scan Summary DokuWiki: Shell command injection and Denial of Service
Detailed Explanation for this Vulnerability Test
The remote host is affected by the vulnerability described in GLSA-200609-20
(DokuWiki: Shell command injection and Denial of Service)
Input validation flaws have been discovered in the image handling of
fetch.php if ImageMagick is used, which is not the default method.
Impact
A remote attacker could exploit the flaws to execute arbitrary shell
commands with the rights of the web server daemon or cause a Denial of
Service.
Workaround
There is no known workaround at this time.
References:
http://www.freelists.org/archives/dokuwiki/09-2006/msg00278.html
Solution:
All DokuWiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-20060309e"
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|