TWiki Remote Information Disclosure Vulnerability
BID:17268
Info
TWiki Remote Information Disclosure Vulnerability
| Bugtraq ID: | 17268 |
| Class: | Input Validation Error |
| CVE: |
CVE-2006-1386 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 27 2006 12:00AM |
| Updated: | Mar 28 2006 08:13PM |
| Credit: | Kenneth Lavrsen, Sergej Zagursky and Steffen Poulsen are credited with the discovery of this vulnerability. |
| Vulnerable: |
TWiki TWiki 4.0.1 TWiki TWiki 20040903 TWiki TWiki 20040902 TWiki TWiki 20040901 TWiki TWiki 20030201 TWiki TWiki 01-Feb-2003 TWiki TWiki 01-Dec-2001 TWiki TWiki 01-Dec-2000 TWiki TWiki 0 |
| Not Vulnerable: | |
Discussion
TWiki Remote Information Disclosure Vulnerability
TWiki is prone to an information-disclosure vulnerability. The application fails to properly sanitize user-supplied input.
Attackers may gain access to arbitrary, restricted content files with the privileges of the hosting webserver. This can aid in further attacks.
TWiki is prone to an information-disclosure vulnerability. The application fails to properly sanitize user-supplied input.
Attackers may gain access to arbitrary, restricted content files with the privileges of the hosting webserver. This can aid in further attacks.
Exploit / POC
TWiki Remote Information Disclosure Vulnerability
This issue can be exploited through use of a web client.
This issue can be exploited through use of a web client.
Solution / Fix
TWiki Remote Information Disclosure Vulnerability
Solution:
The vendor has released a hotfix. Symantec has not tested the integrity or effectiveness of the hotfix.
Hotfix for rdiff script:
In file twiki/lib/TWiki/UI/RDiff.pm, find sub diff. 10 lines lower in the file you will find the following line:
TWiki::UI::checkTopicExists( $session, $webName, $topic, 'diff' );
Add the following line immediately after it:
TWiki::UI::checkAccess( $session, $webName, $topic, 'view', $session->{user} );
CVE-2006-1386_UI_RDiff_pm.diff: Patch for twiki/lib/TWiki/UI/RDiff.pm, TWiki 4.0.1 (See HowToApplyPatch)
Hotfix for preview script:
In file twiki/lib/TWiki/UI/Save.pm find the following lines:
if( $topicExists ) {
( $prevMeta, $prevText ) =
$store->readTopic( undef, $webName, $topic, undef );
if( $prevMeta ) {
foreach my $k ( keys %$prevMeta ) {
Change the call to 'readTopic' to:
$store->readTopic( $user, $webName, $topic, undef );
Solution:
The vendor has released a hotfix. Symantec has not tested the integrity or effectiveness of the hotfix.
Hotfix for rdiff script:
In file twiki/lib/TWiki/UI/RDiff.pm, find sub diff. 10 lines lower in the file you will find the following line:
TWiki::UI::checkTopicExists( $session, $webName, $topic, 'diff' );
Add the following line immediately after it:
TWiki::UI::checkAccess( $session, $webName, $topic, 'view', $session->{user} );
CVE-2006-1386_UI_RDiff_pm.diff: Patch for twiki/lib/TWiki/UI/RDiff.pm, TWiki 4.0.1 (See HowToApplyPatch)
Hotfix for preview script:
In file twiki/lib/TWiki/UI/Save.pm find the following lines:
if( $topicExists ) {
( $prevMeta, $prevText ) =
$store->readTopic( undef, $webName, $topic, undef );
if( $prevMeta ) {
foreach my $k ( keys %$prevMeta ) {
Change the call to 'readTopic' to:
$store->readTopic( $user, $webName, $topic, undef );
References
TWiki Remote Information Disclosure Vulnerability
References:
References: