-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ____________________________________________________________________________
Publisher Name: OpenPKG GmbH Publisher Home: http://openpkg.com/ Advisory Id (public): OpenPKG-SA-2007.009 Advisory Type: OpenPKG Security Advisory (SA) Advisory Directory: http://openpkg.com/go/OpenPKG-SA Advisory Document: http://openpkg.com/go/OpenPKG-SA-2007.009 Advisory Published: 2007-02-11 15:50 UTC Issue Id (internal): OpenPKG-SI-20070211.01 Issue First Created: 2007-02-11 Issue Last Modified: 2007-02-11 Issue Revision: 03 ____________________________________________________________________________ Subject Name: twiki Subject Summary: Wiki Subject Home: http://twiki.org/ Subject Versions: * <= 4.1.0 Vulnerability Id: CVE-2007-0669 Vulnerability Scope: global (not OpenPKG specific) Attack Feasibility: run-time Attack Vector: local system Attack Impact: arbitrary code execution Description: According to a vendor security advisory [0], a vulnerability exists in the SessionPlugin extension of the Wiki engine TWiki [1], version up to and including 4.1.0. The vulnerability allows local users to cause TWiki to execute arbitrary Perl code with the privileges of the web server process by creating CGI session files on the local filesystem. References: [0] http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2007-0669 [1] http://twiki.org/ ____________________________________________________________________________ Primary Package Name: twiki Primary Package Home: http://openpkg.org/go/package/twiki Corrected Distribution: Corrected Branch: Corrected Package: OpenPKG Community 2-STABLE-20061018 twiki-4.1.1-2.20070211 OpenPKG Community 2-STABLE twiki-4.1.1-2.20070211 OpenPKG Community CURRENT twiki-4.1.1-20070502 ____________________________________________________________________________ For security reasons, this document was digitally signed with the OpenPGP public key of the OpenPKG GmbH (public key id 61B7AE34) which you can download from http://openpkg.com/openpkg.com.pgp or retrieve from the OpenPGP keyserver at hkp://pgp.openpkg.org/. Follow the instructions at http://openpkg.com/security/signatures/ for more details on how to verify the integrity of this document. ____________________________________________________________________________ -----BEGIN PGP SIGNATURE----- Comment: OpenPKG GmbH <http://openpkg.com/> iD8DBQFFzy1MZwQuyWG3rjQRAmHTAKCiy8XaPDOlxjLCtLcYXfQyq7YkxwCfegJ2 Dy4PjiK/y7JMqPAwd4Ek3wk= =CNMJ -----END PGP SIGNATURE-----