Info

Disclosure

May 04, 2004

Discovery

Unknown

Dates

Exploit

May 04, 2004

Solution

Unknown

Description

MoinMoin contains a flaw that may allow a malicious user to gain access to unauthorized privileges. The issue is triggered when an attacker creates a user with the same name as an administrative group. This flaw may lead to a loss of integrity.

Classification

Location: Remote / Network Access
Attack Type: Authentication Management
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Upgrade to version 1.2.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

Products

Jürgen Hermann	MoinMoin	1.1
		1.2
		1.2.1

References

Bugtraq ID: 10568
Secunia Advisory ID: 11807 12036
ISS X-Force ID: 16465
CVE ID: 2004-0708 (see also: NVD)
Vendor URL: http://freshmeat.net/projects/moin/
Other Advisory URL: http://security.gentoo.org/glsa/glsa-200407-09.xml
Vendor Specific Advisory URL: http://sourceforge.net/tracker/index.php?func=detail&aid=948103&group_id=8482&atid=108482

Credit

Michael Castleman -

Direct URL: http://osvdb.org/6704

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Jürgen Hermann

MoinMoin

References

Credit