Multiple vulnerabilities allow XSS and reading of arbitrary files

Bug #180702 reported by William Grant
Affects             Status         Importance   Assigned to        Milestone
tikiwiki (Ubuntu)   Invalid        Undecided    Unassigned
Feisty              Fix Released   High         Emanuele Gentili
Gutsy               Fix Released   High         Emanuele Gentili

Bug Description

Binary package hint: tikiwiki

Cross-site scripting (XSS) vulnerability in tiki-special_chars.php in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or HTML via the area_name parameter.

Directory traversal vulnerability in tiki-listmovies.php in TikiWiki before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and modified filename in the movie parameter.

Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have unknown impact and attack vectors involving (1) tiki-edit_css.php, (2) tiki-list_games.php, or (3) tiki-g-admin_shared_source.php.

Feisty and Gutsy are affected.
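As an added illustration (not TikiWiki's own code and not the upstream patch applied below), the following Python shows the two defensive checks the fixes imply: confining the `movie` value to a regular file inside the movie directory, and HTML-encoding `area_name` before it is echoed into the page. The directory, file names and parameter values are constructed for the example.

```python
import html
import os
import tempfile

def safe_movie_path(movie_dir: str, movie: str):
    """Resolve the `movie` request parameter to a file inside `movie_dir`.

    Returns the resolved path, or None when the value is empty, carries a NUL
    byte, contains a separator or dot component, escapes the directory after
    symlink resolution, or does not name a regular file.
    """
    if not movie or "\x00" in movie:
        return None
    # The parameter must be a bare file name: no separators, no '.' or '..'.
    if "/" in movie or "\\" in movie or movie in (".", ".."):
        return None
    base = os.path.realpath(movie_dir)
    candidate = os.path.realpath(os.path.join(base, movie))
    # realpath follows symlinks, so the containment check also rejects a link
    # inside movie_dir that points elsewhere.
    if os.path.commonpath([base, candidate]) != base:
        return None
    return candidate if os.path.isfile(candidate) else None


def escape_area_name(area_name: str) -> str:
    """HTML-encode the value before it is written into the response body."""
    return html.escape(area_name, quote=True)


def demo() -> dict:
    """Exercise both checks against a constructed temporary directory."""
    with tempfile.TemporaryDirectory() as tmp:
        movies = os.path.join(tmp, "movies")
        os.mkdir(movies)
        with open(os.path.join(movies, "intro.flv"), "w") as f:
            f.write("constructed sample movie")
        outside = os.path.join(tmp, "outside.txt")  # constructed, outside movies/
        with open(outside, "w") as f:
            f.write("must not be reachable via the movie parameter")
        return {
            "valid": safe_movie_path(movies, "intro.flv") is not None,
            "dotdot": safe_movie_path(movies, "../outside.txt"),
            "absolute": safe_movie_path(movies, outside),
            "nul": safe_movie_path(movies, "intro.flv\x00.txt"),
            "escaped": escape_area_name('"area" <i>'),
        }
```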

William Grant (wgrant)
Changed in tikiwiki:
status: New → Invalid
importance: Undecided → High
status: New → Confirmed
importance: Undecided → High
status: New → Confirmed
Changed in tikiwiki:
assignee: nobody → emgent
status: Confirmed → In Progress
Emanuele Gentili (emgent) wrote :
Changed in tikiwiki:
status: In Progress → Confirmed
Emanuele Gentili (emgent) wrote :
Changed in tikiwiki:
assignee: nobody → emgent
status: Confirmed → In Progress
status: Confirmed → In Progress
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tikiwiki - 1.9.7+dfsg-2ubuntu1.2

---------------
tikiwiki (1.9.7+dfsg-2ubuntu1.2) gutsy-security; urgency=low

  * SECURITY UPDATE: (LP: #180702)
    + CVE 2007-6526: Cross-site scripting (XSS) vulnerability in tiki-special_chars.php
      in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or
      HTML via the area_name parameter.
    + CVE 2007-6528: Directory traversal vulnerability in tiki-listmovies.php in TikiWiki
      before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and
      modified filename in the movie parameter.
    + CVE 2007-6529: Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have
      unknown impact and attack vectors involving tiki-edit_css.php,
      tiki-g-admin_shared_source.php.
  * debian/patches/91_CVE-2007-6526_CVE-2007-6528_CVE-2007-6529.dpatch
    - Applied patch by upstream
  * References
    - CVE-2007-6526
    - CVE-2007-6528
    - CVE-2007-6529

 -- Emanuele Gentili <email address hidden> Sun, 17 Feb 2008 17:44:04 +0100

Launchpad Janitor (janitor) wrote :

This bug was fixed in the package tikiwiki - 1.9.7+dfsg-1ubuntu1.2

---------------
tikiwiki (1.9.7+dfsg-1ubuntu1.2) feisty-security; urgency=low

  [ Emanuele Gentili ]
  * SECURITY UPDATE: (LP: #180702)
    + CVE 2007-6526: Cross-site scripting (XSS) vulnerability in tiki-special_chars.php
      in TikiWiki before 1.9.9 allows remote attackers to inject arbitrary web script or
      HTML via the area_name parameter.
    + CVE 2007-6528: Directory traversal vulnerability in tiki-listmovies.php in TikiWiki
      before 1.9.9 allows remote attackers to read arbitrary files via a .. (dot dot) and
      modified filename in the movie parameter.
    + CVE 2007-6529: Multiple unspecified vulnerabilities in TikiWiki before 1.9.9 have
      unknown impact and attack vectors involving tiki-edit_css.php,
      tiki-g-admin_shared_source.php.
  * debian/patches/91_CVE-2007-6526_CVE-2007-6528_CVE-2007-6529.dpatch
    - Applied patch by upstream
  * References
    - CVE-2007-6526
    - CVE-2007-6528
    - CVE-2007-6529

  [ Jamie Strandboge ]
  * Use dash-compliant syntax in debian/rules

 -- Emanuele Gentili <email address hidden> Sun, 17 Feb 2008 18:12:35 +0100

Changed in tikiwiki:
status: In Progress → Fix Released
status: In Progress → Fix Released