[tikiwiki] Multiple vulnerabilities possibly resulting in the remote execution of arbitrary code

Bug #163833 reported by disabled.user
Affects             Status        Importance  Assigned to      Milestone
tikiwiki (Ubuntu)   Fix Released  Undecided   Unassigned
Feisty              Fix Released  Undecided   Stephan Rügamer
Gutsy               Fix Released  Undecided   Stephan Rügamer
Hardy               Fix Released  Undecided   Unassigned

Bug Description

Binary package hint: tikiwiki

References:
http://www.gentoo.org/security/en/glsa/glsa-200711-19.xml

Quoting:
"Stefan Esser reported that a previous vulnerability (CVE-2007-5423, GLSA 200710-21) was not properly fixed in TikiWiki 1.9.8.1 (CVE-2007-5682). The TikiWiki development team also added several checks to avoid file inclusion.
[...]
A remote attacker could exploit these vulnerabilities to inject arbitrary code with the privileges of the user running the application."

Revision history for this message
disabled.user (disabled.user-deactivatedaccount) wrote :

Adding:
http://www.gentoo.org/security/en/glsa/glsa-200710-21.xml

"ShAnKaR reported that input passed to the "f" array parameter in tiki-graph_formula.php is not properly verified before being used to execute PHP functions.
[...]
An attacker could execute arbitrary code with the rights of the user running the web server by passing a specially crafted parameter string to the tiki-graph_formula.php file."

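A defender-side check suggested by the advisory quoted above, added here as an example and not code from TikiWiki or from this bug report: it scans web-server access log lines for requests to tiki-graph_formula.php whose f array parameter carries anything other than a plain plot formula. The sample log lines, the allow-list of math function names and the `evil_call(1)` value are all constructed assumptions, not TikiWiki's own validation logic.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample lines in Apache combined-log shape (not real traffic):
# two ordinary graph requests, one with a non-formula value in f[], one unrelated page.
SAMPLE_LOG = """\
203.0.113.5 - - [26/Nov/2007:15:22:52 +0100] "GET /tiki-graph_formula.php?w=400&h=300&f[]=x*x&t=png HTTP/1.1" 200 5121 "-" "Mozilla/5.0"
203.0.113.6 - - [26/Nov/2007:15:22:58 +0100] "GET /tiki-graph_formula.php?w=400&h=300&f%5B%5D=sin(x)%2B2 HTTP/1.1" 200 4980 "-" "Mozilla/5.0"
203.0.113.7 - - [26/Nov/2007:15:23:10 +0100] "GET /tiki-graph_formula.php?w=1&h=1&f[]=evil_call(1)&t=png HTTP/1.1" 200 812 "-" "curl/7.16"
203.0.113.9 - - [26/Nov/2007:15:23:40 +0100] "GET /tiki-index.php?page=HomePage HTTP/1.1" 200 9980 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'"(?:GET|POST) (?P<target>\S+) HTTP/[\d.]+"')
# Assumed allow-list of what a legitimate plot formula may contain; this is a
# detection heuristic for log review, not TikiWiki's own validation logic.
ALLOWED_FUNCS = {"sin", "cos", "tan", "exp", "log", "sqrt", "abs", "pow"}
SAFE_CHARS = re.compile(r"^[A-Za-z0-9_+\-*/^().,\s]*$")
TOKEN_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def formula_is_suspicious(formula):
    """True when the value is anything other than arithmetic over x and allowed functions."""
    if not SAFE_CHARS.match(formula):
        return True  # quotes, semicolons, $, backticks, braces, etc.
    return any(tok != "x" and tok.lower() not in ALLOWED_FUNCS
               for tok in TOKEN_RE.findall(formula))


def suspicious_requests(log_text):
    """Return (client, formula) pairs for tiki-graph_formula.php hits whose f parameter is not a plain formula."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        parts = urlsplit(m.group("target"))
        if not parts.path.endswith("tiki-graph_formula.php"):
            continue
        params = parse_qs(parts.query, keep_blank_values=True)  # decodes %5B%5D to [] in keys too
        for key, values in params.items():
            if key == "f" or key.startswith("f["):  # PHP array parameter: f[], f[0], ...
                for formula in values:
                    if formula_is_suspicious(formula):
                        hits.append((line.split(" ", 1)[0], formula))
    return hits


if __name__ == "__main__":
    for client, formula in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent a non-formula value to tiki-graph_formula.php: {formula!r}")
```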
Revision history for this message
Stephan Rügamer (sruegamer) wrote :

As a reminder:

CVE-2006-6457 CVE-2007-4554

Changed in tikiwiki:
assignee: nobody → shermann
status: New → In Progress
Revision history for this message
Stephan Rügamer (sruegamer) wrote :

CVE-2006-6457 is not for us.

William Grant (wgrant)
Changed in tikiwiki:
assignee: shermann → nobody
status: In Progress → Fix Released
assignee: nobody → shermann
status: New → In Progress
assignee: nobody → shermann
status: New → In Progress
Revision history for this message
Kees Cook (kees) wrote :

Thanks for preparing this! I've uploaded it to the security queue; it should be published shortly.

Changed in tikiwiki:
status: In Progress → Fix Committed
status: In Progress → Fix Committed
Revision history for this message
Stephan Rügamer (sruegamer) wrote :

tikiwiki (1.9.7+dfsg-2ubuntu1.1) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #163833)
    + CVE-2007-4554: Cross-site scripting (XSS) vulnerability in
      tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows
      remote attackers to inject arbitrary web script or HTML via the username
      parameter. NOTE: this issue might be related to CVE-2006-2635.7.
    + CVE-2007-5423: Eval injection vulnerability in tiki-graph_formula.php in
      TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP
      sequences in the f array parameter.
    + CVE-2007-5682: Unspecified vulnerability in tiki-graph_formula.php in
      TikiWiki before 1.9.8.2 has unknown impact and attack vectors, a different
      vulnerability than CVE-2007-5423.
  * debian/patches/90_CVE-2007-4554.dpatch:
    - Applied patch by upstream
  * debian/patches/90_CVE-2007-5423_CVE-2007-5682.dpatch:
    - Applied patch by upstream
  * References:
    CVE-2007-4554
    CVE-2007-5423
    CVE-2007-5682

 -- Stephan Hermann <email address hidden> Mon, 26 Nov 2007 15:22:52 +0100

Revision history for this message
Stephan Rügamer (sruegamer) wrote :

tikiwiki (1.9.7+dfsg-1ubuntu1.1) feisty-security; urgency=low

  * SECURITY UPDATE: (LP: #163833)
    + CVE-2007-4554: Cross-site scripting (XSS) vulnerability in
      tiki-remind_password.php in Tikiwiki (aka Tiki CMS/Groupware) 1.9.7 allows
      remote attackers to inject arbitrary web script or HTML via the username
      parameter. NOTE: this issue might be related to CVE-2006-2635.7.
    + CVE-2007-5423: Eval injection vulnerability in tiki-graph_formula.php in
      TikiWiki 1.9.8 allows remote attackers to execute arbitrary code via PHP
      sequences in the f array parameter.
    + CVE-2007-5682: Unspecified vulnerability in tiki-graph_formula.php in
      TikiWiki before 1.9.8.2 has unknown impact and attack vectors, a different
      vulnerability than CVE-2007-5423.
  * debian/patches/90_CVE-2007-4554.dpatch:
    - Applied patch by upstream
  * debian/patches/90_CVE-2007-5423_CVE-2007-5682.dpatch:
    - Applied patch by upstream
  * References:
    CVE-2007-4554
    CVE-2007-5423
    CVE-2007-5682

 -- Stephan Hermann <email address hidden> Mon, 26 Nov 2007 15:34:47 +0100

Changed in tikiwiki:
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released