Updated dokuwiki packages fix security vulnerabilities
Publication date: 31 Oct 2014Modification date: 31 Oct 2014
Type: security
Affected Mageia releases : 3 , 4
CVE: CVE-2014-8761 , CVE-2014-8762 , CVE-2014-8763 , CVE-2014-8764
Description
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call (CVE-2014-8761). The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter (CVE-2014-8762). DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind (CVE-2014-8763). DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind (CVE-2014-8764).
References
- https://bugs.mageia.org/show_bug.cgi?id=14252
- https://www.dokuwiki.org/changes#release_2014-09-29_hrun
- http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
- http://openwall.com/lists/oss-security/2014/10/16/9
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8761
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8762
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8763
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-8764
SRPMS
4/core
- dokuwiki-20140929-1.1.mga4
3/core
- dokuwiki-20140929-1.1.mga3