Package: dokuwiki
Version: 0.0.20060309-5
Severity: grave
Justification: user security hole

From: http://secunia.com/advisories/21819/

Description:
rgod has discovered a vulnerability in DokuWiki, which can be exploited by malicious people to compromise a vulnerable system.

Input passed to the "TARGET_FN" parameter in bin/dwpage.php is not properly sanitised before being used to copy files. This can be exploited via directory traversal attacks in combination with DokuWiki's file upload feature to execute arbitrary PHP code.

The vulnerability is confirmed in version 2006-03-09b. Other versions may also be affected.

Solution:
Update to version 2006-03-09c and enable support for .htaccess files.

Versions of packages dokuwiki depends on:
ii  apache2-mpm-prefork [http 2.0.54-5sarge1 traditional model for Apache2
ii  debconf [debconf-2.0]     1.4.30.13      Debian configuration management sy
ii  php4                      4:4.3.10-16    server-side, HTML-embedded scripti
ii  ucf                       1.17           Update Configuration File: preserv

-- debconf information excluded --
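
Added example, not part of the original report and not DokuWiki's code: one way to confine a user-supplied copy destination to a base directory, which is the class of check the advisory says was missing for "TARGET_FN". The function name resolve_copy_target() and the directory layout are hypothetical.

```php
<?php
// Added illustration; names are hypothetical, inputs below are constructed.

/**
 * Return the absolute destination path for $userPath if it stays inside
 * $baseDir, or null if it escapes, is malformed, or cannot be resolved.
 */
function resolve_copy_target(string $baseDir, string $userPath): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $userPath === '' || strpos($userPath, "\0") !== false) {
        return null;
    }
    // The destination normally does not exist yet, so realpath() on the full
    // path would fail. Canonicalise the parent directory and validate the
    // final component on its own.
    $candidate = $base . DIRECTORY_SEPARATOR . $userPath;
    $parent = realpath(dirname($candidate));
    $name = basename($candidate);
    if ($parent === false || $name === '' || $name === '.' || $name === '..') {
        return null;
    }
    // Containment check on the canonical parent: "../" sequences and symlinks
    // are already resolved. The trailing separator stops "/srv/pages-old"
    // from matching a base of "/srv/pages".
    if (strpos($parent . DIRECTORY_SEPARATOR, $base . DIRECTORY_SEPARATOR) !== 0) {
        return null;
    }
    $target = $parent . DIRECTORY_SEPARATOR . $name;
    // Do not write through a symlink already sitting at the destination.
    return is_link($target) ? null : $target;
}

// Constructed demo in a throwaway directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'copytarget_' . bin2hex(random_bytes(4));
$base = $root . DIRECTORY_SEPARATOR . 'pages';
mkdir($base, 0700, true);
foreach (['start.txt', '../outside.php', 'sub/../../outside.php', '..'] as $input) {
    $resolved = resolve_copy_target($base, $input);
    printf("%-24s => %s\n", $input, $resolved === null ? 'REJECTED' : $resolved);
}
rmdir($base);
rmdir($root);
```

Only the first input resolves to a path under the base directory; the other three are rejected before any copy would take place.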