TWiki CGI Session File Code Execution Vulnerability

Bugtraq ID:	22378
Class:	Design Error
CVE:	CVE-2007-0669
Remote:	Yes
Local:	No
Published:	Feb 08 2007 12:00AM
Updated:	Feb 12 2007 05:17PM
Credit:	Andrew Moise is credited with the discovery of this vulnerability.
Vulnerable:	TWiki TWiki 4.0.5 TWiki TWiki 4.0.4 TWiki TWiki 4.0.3 TWiki TWiki 4.0.2 TWiki TWiki 4.0.1 TWiki TWiki 0 OpenPKG OpenPKG Stable OpenPKG OpenPKG Current OpenPKG OpenPKG 2-Stable-20061018
Not Vulnerable:	TWiki TWiki 4.1.1

TWiki CGI Session File Code Execution Vulnerability

TWiki is prone to a code-exeuction vulnerability.

Exploiting this issue may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Versions 4.0.0 to 4.1.0 and all versions using 'SessionPlugin' are vulnerable.

TWiki CGI Session File Code Execution Vulnerability

To exploit this issue an attacker requires write access to the '/tmp' directory of the vulnerable webserver.

TWiki CGI Session File Code Execution Vulnerability

Solution:
The vendor has released a fix to address this issue. Please see the references for more information.


TWiki TWiki 0

• TWiki TWikiRelease04x01x01
  http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x01x01

TWiki TWiki 4.0.1

• TWiki TWikiRelease04x01x01
  http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x01x01

TWiki TWiki 4.0.2

• TWiki TWikiRelease04x01x01
  http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x01x01

TWiki TWiki 4.0.3

• TWiki TWikiRelease04x01x01
  http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x01x01

TWiki TWiki 4.0.4

• TWiki TWikiRelease04x01x01
  http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x01x01

TWiki TWiki 4.0.5

• TWiki TWikiRelease04x01x01
  http://twiki.org/cgi-bin/view/Codev/TWikiRelease04x01x01

TWiki CGI Session File Code Execution Vulnerability

References:

• Vendor Homepage (Twiki)
  
• Security Alert: Arbitrary code execution in session files (CVE-2007-0669) (TWiki)
  
• TWiki vulnerable to arbitrary code execution via CGI session files (US-CERT)