LinuxSecurity.com
Share your story
The central voice for Linux and Open Source security news
Home News Topics Advisories HOWTOs Features Newsletters About Register

Welcome!
Sign up!
EnGarde Community
Login
Polls
What is the most important Linux security technology?
 
Advisories
Community
Linux Events
Linux User Groups
Link to Us
Security Center
Book Reviews
Security Dictionary
Security Tips
SELinux
White Papers
Featured Blogs
All About Linux
DanWalsh LiveJournal
Securitydistro
Latest Newsletters
Linux Advisory Watch: September 26th, 2014
Linux Security Week: September 22nd, 2014
Subscribe
LinuxSecurity Newsletters
E-mail:
Choose Lists:
About our Newsletters
RSS Feeds
Get the LinuxSecurity news you want faster with RSS
Powered By

  
Ubuntu: MoinMoin vulnerabilities Print E-mail
User Rating:      How can I rate this item?
Posted by Benjamin D. Thomas   
Ubuntu A flaw was discovered in MoinMoin's debug reporting sanitizer which could lead to a cross-site scripting attack. By tricking a user into viewing a crafted MoinMoin URL, an attacker could execute arbitrary JavaScript as the current MoinMoin user, possibly exposing the user's authentication information for the domain where MoinMoin was hosted.
=========================================================== 
Ubuntu Security Notice USN-423-1          February 20, 2007
moin, moin1.3 vulnerabilities
CVE-2007-0901, CVE-2007-0902
===========================================================

A security issue affects the following Ubuntu releases:

Ubuntu 5.10
Ubuntu 6.06 LTS
Ubuntu 6.10

This advisory also applies to the corresponding versions of
Kubuntu, Edubuntu, and Xubuntu.

The problem can be corrected by upgrading your system to the
following package versions:

Ubuntu 5.10:
  moin                                     1.2.4-1ubuntu2.2
  python-moinmoin                          1.3.4-6ubuntu1.5.10

Ubuntu 6.06 LTS:
  python-moinmoin                          1.5.2-1ubuntu2.2

Ubuntu 6.10:
  python-moinmoin                          1.5.3-1ubuntu1.2

In general, a standard system upgrade is sufficient to effect the
necessary changes.

Details follow:

A flaw was discovered in MoinMoin's debug reporting sanitizer which 
could lead to a cross-site scripting attack.  By tricking a user into 
viewing a crafted MoinMoin URL, an attacker could execute arbitrary 
JavaScript as the current MoinMoin user, possibly exposing the user's 
authentication information for the domain where MoinMoin was hosted.
Only Ubuntu Breezy was vulnerable.  (CVE-2007-0901)

An information leak was discovered in MoinMoin's debug reporting, which 
could expose information about the versions of software running on the 
host system.  MoinMoin administrators can add "show_traceback=0" to
their site configurations to disable debug tracebacks.  (CVE-2007-0902)


Updated packages for Ubuntu 5.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/moin1.3_1.3.4-6ubuntu1.5.10.diff.gz
      Size/MD5:    45055 cf953c316085948e8dc9611835921bdc
    http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/moin1.3_1.3.4-6ubuntu1.5.10.dsc
      Size/MD5:      793 72c93be58cada2d2ea43a6e8904a56ac
    http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/moin1.3_1.3.4.orig.tar.gz
      Size/MD5:  3085225 aff667e7c60c5af2525cd1381f417608
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.2.4-1ubuntu2.2.diff.gz
      Size/MD5:    39039 5b3de304bb89b4ae0ca9a0a2a9c4703d
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.2.4-1ubuntu2.2.dsc
      Size/MD5:      646 49eadc7ac308498b2c53cde03ab8bc72
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.2.4.orig.tar.gz
      Size/MD5:  1142734 4fea82b27079d1db50a38cf06317cfaa

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.2.4-1ubuntu2.2_all.deb
      Size/MD5:   875492 439ce6791bfc4634de3c20f2aedbe025
    http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/moinmoin-common_1.3.4-6ubuntu1.5.10_all.deb
      Size/MD5:   726416 f91ba8e0a07d25811754b6d4c62a1696
    http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/python-moinmoin_1.3.4-6ubuntu1.5.10_all.deb
      Size/MD5:    50240 579771bff2ed9e979a477d7b5c47c229
    http://security.ubuntu.com/ubuntu/pool/universe/m/moin1.3/python2.3-moinmoin_1.3.4-6ubuntu1.5.10_all.deb
      Size/MD5:   584382 ed7269eefdbb71e2d060c325492cff1d
    http://security.ubuntu.com/ubuntu/pool/main/m/moin1.3/python2.4-moinmoin_1.3.4-6ubuntu1.5.10_all.deb
      Size/MD5:   584386 c914fa345dfdd89dc5896b04f1b02acc

Updated packages for Ubuntu 6.06 LTS:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.2.diff.gz
      Size/MD5:    37929 15194fb653e00c43092afcd7cf7efdcd
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2-1ubuntu2.2.dsc
      Size/MD5:      702 050a5cfec5708d8da0a1a6cc69621696
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.2.orig.tar.gz
      Size/MD5:  3975925 689ed7aa9619aa207398b996d68b4b87

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.2-1ubuntu2.2_all.deb
      Size/MD5:  1507826 a10aea39090b803979f40169b09d9eee
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.2-1ubuntu2.2_all.deb
      Size/MD5:    69418 c0c6ccb72d6086ca701806cc7375ab82
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4-moinmoin_1.5.2-1ubuntu2.2_all.deb
      Size/MD5:   834508 a0b20e90fd41c46caaf09229e32585e8

Updated packages for Ubuntu 6.10:

  Source archives:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3-1ubuntu1.2.diff.gz
      Size/MD5:    38642 4f9dbe80cf2f2fd62f962fbed248f65a
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3-1ubuntu1.2.dsc
      Size/MD5:      726 379049d45f6684d2bc38f7ea5f722afe
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moin_1.5.3.orig.tar.gz
      Size/MD5:  4187091 e95ec46ee8de9527a39793108de22f7d

  Architecture independent packages:

    http://security.ubuntu.com/ubuntu/pool/main/m/moin/moinmoin-common_1.5.3-1ubuntu1.2_all.deb
      Size/MD5:  1574742 9e686f13fbda8d19c7e10db62b7b522b
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python-moinmoin_1.5.3-1ubuntu1.2_all.deb
      Size/MD5:    73506 8fcda2db454c1492332cb764b081d902
    http://security.ubuntu.com/ubuntu/pool/main/m/moin/python2.4-moinmoin_1.5.3-1ubuntu1.2_all.deb
      Size/MD5:   908884 abae777420f930a54430c6438316a20f


 
< Prev   Next >
    
Partner

 

Latest Features
Peter Smith Releases Linux Network Security Online
Securing a Linux Web Server
Password guessing with Medusa 2.0
Password guessing as an attack vector
Squid and Digest Authentication
Squid and Basic Authentication
Demystifying the Chinese Hacking Industry: Earning 6 Million a Night
Free Online security course (LearnSIA) - A Call for Help
What You Need to Know About Linux Rootkits
Review: A Practical Guide to Fedora and Red Hat Enterprise Linux - Fifth Edition
Yesterday's Edition
Shellshock makes Heartbleed look insignificant
Hacker Group Lizard Squad Takes Down Destiny, Call of Duty, FIFA And More
Partner Sponsor

Community | HOWTOs | Blogs | Features | Book Reviews | Networking
 Security Projects |  Latest News |  Newsletters |  SELinux |  Privacy |  Home
 Hardening |   About Us |   Advertise |   Legal Notice |   RSS |   Guardian Digital
(c)Copyright 2014 Guardian Digital, Inc. All rights reserved.