Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] Robustness patch for TWiki, vulnerability in ImageGall

from [Florian Weimer] Network Security [Permanent Link]
Subject: [Full-Disclosure] Robustness patch for TWiki, vulnerability in ImageGalleryPlugin
Date: Wed, 23 Feb 2005 18:27:41 +0100 
* TWiki robustness patch

After CAN-2004-1037 was discovered in November 2004, I wrote a patch
which systematically replaces unsafe subprocess invocation constructs
in the TWiki source code.  This patch was published, submitted to the
TWiki developers, and they ported it into the DEVELOP branch:

  <http://www.enyo.de/fw/security/notes/twiki-robustness.html>

(A TWiki release which incorporates the changes from the DEVELOP
branch is still pending.)

The TWiki robustness patch should fix all shell command injection
vulnerabilities, once and for all.  It also attempts to prevent
directory traversal attacks, but I'm less confident that I have
plugged all potential holes.  (However, I'm not aware of any directory
traversal vulnerabilities in TWiki, with or without this patch.)

Due to certain circumstances which I'm not at liberty to disclose at
this point, it is STRONGLY RECOMMENDED to apply the patch to any TWiki
installation which is accessible from untrusted networks.  The patch
needs some changes to TWiki.cfg; please read the web page mentioned
above and the enclosed README file carefully.

* ImageGalleryPlugin security issue

ImageGalleryPlugin does not properly guard its configuration options
against unauthorized changes, in particular parts of the ImageMagick
commands used to generate thumbnails.  As a result, it's possible for
anyone who is able to create or edit topics with image galleries to
execute arbitrary shell commands on the web server hosting the
affected TWiki installation.

A patch for this issue is available from the same URL as above:

  <http://www.enyo.de/fw/security/notes/twiki-robustness.html>

The patch depends on the TWiki robustness patch.  Some configuration
changes are required (as explained on the web page).

Vulnerability timeline (for the ImageGalleryPlugin issue):

  2004-11-27 bug discovered and disclosed to the TWiki core developers
  2004-11-29 sent patch to the TWiki core developers
  2004-11-30 sent bug notice and patch to the plugin author
  2004-12-26 sent reminder (and patch) to the TWiki security team
  2005-02-17 sent second reminder, pending disclosure (no reply)
  2005-02-23 uncoordinated public disclosure
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] Robustness patch for TWiki, vulnerability in ImageGalleryPlugin, Florian Weimer <=
Previous by Date:  [SECURITY] [DSA 689-1] New mod_python packages fix information leak, Martin Schulze
Next by Date:  [Full-Disclosure] [ GLSA 200502-29 ] Cyrus IMAP Server: Multiple overflow vulnerabilities, Matthias Geerdsen
Previous by Thread:  [SECURITY] [DSA 689-1] New mod_python packages fix information leak, Martin Schulze
Next by Thread:  [Full-Disclosure] [ GLSA 200502-29 ] Cyrus IMAP Server: Multiple overflow vulnerabilities, Matthias Geerdsen
Indexes:  [Date] [Thread] [Top] [All Lists]