Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.

Fernando Quintero discovered than MoinMoin did not properly sanitize its input when processing login requests, resulting in cross-site scripting (XSS) vulnerabilities. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a remote attacker could exploit this to modify the contents, or steal confidential data, within the same domain. This issue affected Ubuntu 7.10 and 8.04 LTS. (CVE-2008-0780)

Fernando Quintero discovered that MoinMoin did not properly sanitize its input when attaching files, resulting in cross-site scripting vulnerabilities. This issue affected Ubuntu 6.06 LTS, 7.10 and 8.04 LTS. (CVE-2008-0781)

It was discovered that MoinMoin did not properly sanitize its input when processing user forms. A remote attacker could submit crafted cookie values and overwrite arbitrary files via directory traversal.
This issue affected Ubuntu 6.06 LTS, 7.10 and 8.04 LTS.
(CVE-2008-0782)

It was discovered that MoinMoin did not properly sanitize its input when editing pages, resulting in cross-site scripting vulnerabilities.
This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-1098)

It was discovered that MoinMoin did not properly enforce access controls, which could allow a remoter attacker to view private pages.
This issue only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-1099)

It was discovered that MoinMoin did not properly sanitize its input when attaching files and using the rename parameter, resulting in cross-site scripting vulnerabilities. (CVE-2009-0260)

It was discovered that MoinMoin did not properly sanitize its input when displaying error messages after processing spam, resulting in cross-site scripting vulnerabilities. (CVE-2009-0312).

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-200803-27 (MoinMoin: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered:
    A vulnerability exists in the file wikimacro.py because the
    _macro_Getval function does not properly enforce ACLs     (CVE-2008-1099).
    A directory traversal vulnerability exists in the userform action     (CVE-2008-0782).
    A Cross-Site Scripting vulnerability exists in the login action     (CVE-2008-0780).
    Multiple Cross-Site Scripting vulnerabilities exist in the file     action/AttachFile.py when using the message, pagename, and target     filenames (CVE-2008-0781).
    Multiple Cross-Site Scripting vulnerabilities exist in     formatter/text_gedit.py (aka the gui editor formatter) which can be     exploited via a page name or destination page name, which trigger an     injection in the file PageEditor.py (CVE-2008-1098).
  Impact :

    These vulnerabilities can be exploited to allow remote attackers to     inject arbitrary web script or HTML, overwrite arbitrary files, or read     protected pages.
  Workaround :

    There is no known workaround at this time.

Several remote vulnerabilities have been discovered in MoinMoin, a Python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems :

  - CVE-2007-2423     A cross-site-scripting vulnerability has been discovered     in attachment handling.

  - CVE-2007-2637     Access control lists for calendars and includes were     insufficiently enforced, which could lead to information     disclosure.

  - CVE-2008-0780     A cross-site-scripting vulnerability has been discovered     in the login code.

  - CVE-2008-0781     A cross-site-scripting vulnerability has been discovered     in attachment handling.

  - CVE-2008-0782     A directory traversal vulnerability in cookie handling     could lead to local denial of service by overwriting     files.

  - CVE-2008-1098     Cross-site-scripting vulnerabilities have been     discovered in the GUI editor formatter and the code to     delete pages.

  - CVE-2008-1099     The macro code validates access control lists     insufficiently, which could lead to information     disclosure.

MoinMoin Security advisory

XSS issue in login action

XSS issue in AttachFile action

XSS issue in RenamePage/DeletePage action

XSS issue in gui editor

The remote host is running MoinMoin, a wiki application written in Python.

The version of MoinMoin installed on the remote host fails to validate input to the 'MOIN_ID' cookie before using it to read and write user profiles.  By providing the name of a file that exists on the remote host and is writable by the web server user id, an unauthenticated remote attacker may be able to exploit this issue to corrupt files, possibly even injecting arbitrary PHP code that could later be executed subject to the privileges of the web server user id.

ID	Name	Product	Family	Severity
38011	Ubuntu 6.06 LTS / 7.10 / 8.04 LTS / 8.10 : moin vulnerabilities (USN-716-1)	Nessus	Ubuntu Local Security Checks	medium
31614	GLSA-200803-27 : MoinMoin: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
31425	Debian DSA-1514-1 : moin - several vulnerabilities	Nessus	Debian Local Security Checks	medium
31184	FreeBSD : moinmoin -- multiple vulnerabilities (f113bbeb-e3ac-11dc-bb89-000bcdc1757a)	Nessus	FreeBSD Local Security Checks	high
30055	MoinMoin MOIN_ID Cookie userform Action Traversal Arbitrary File Overwrite	Nessus	CGI abuses	high

Detections

Analytics

CVE-2008-0782

critical

Tenable Plugins

medium

medium

medium

high

high