GLSA-200801-10 : TikiWiki: Multiple vulnerabilities

critical Nessus Plugin ID 30089

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200801-10 (TikiWiki: Multiple vulnerabilities).

Jesus Olmos Gonzalez from isecauditors reported insufficient sanitization of the 'movies' parameter in file tiki-listmovies.php (CVE-2007-6528).
Mesut Timur from H-Labs discovered that the input passed to the 'area_name' parameter in file tiki-special_chars.php is not properly sanitised before being returned to the user (CVE-2007-6526).
redflo reported multiple unspecified vulnerabilities in files tiki-edit_css.php, tiki-list_games.php, and tiki-g-admin_shared_source.php (CVE-2007-6529).

Impact :

A remote attacker can craft the 'movies' parameter to run a directory traversal attack through a '..' sequence and read the first 1000 bytes of an arbitrary file, or conduct a cross-site scripting (XSS) attack through the 'area_name' parameter. The XSS attack can be exploited to execute arbitrary HTML and script code in a user's browser session, allowing for the theft of browser session data or cookies in the context of the affected website. The impacts of the unspecified vulnerabilities are still unknown.

Workaround :

There is no known workaround at this time.

Solution

All TikiWiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/tikiwiki-1.9.9'

See Also

https://security.gentoo.org/glsa/200801-10

Plugin Details

Severity: Critical

ID: 30089

File Name: gentoo_GLSA-200801-10.nasl

Version: 1.16

Type: local

Published: 1/27/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: cpe:/o:gentoo:linux, p-cpe:/a:gentoo:linux:tikiwiki

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Patch Publication Date: 1/23/2008

Reference Information

CVE: CVE-2007-6526, CVE-2007-6528, CVE-2007-6529

CWE: 22, 79

GLSA: 200801-10