[Phpwiki-talk] Re: [SECUNIA] PhpWiki

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Thomas Kristensen schrieb:
> In the recent changelog for PhpWiki you describe two security issues.
> http://sourceforge.net/project/shownotes.php?release_id=315974
> 
> I would like some details about who and how this could be exploited,
> also I would like to know if any mitigating factors apply.

problem from 1.3.10 - 1.3.11
* security fix for create ACL: action=edit is now checked for create"

If someone edits the ACL to let someone edit but not create a page, and 
if someone creates a page by using the edit button, the create ACL was 
not ignored.

* fixed possible security problems: allowing only posixly strict 
usernames, and an actual LDAP Injection problem, detected by Steve 
Christey, MITRE.

LDAP auth could have been exploited by using wildcards as the username. 
See the MITRE report about that. (Sorry, no link)

-- 
Reini Urban
http://xarch.tu-graz.ac.at/home/rurban
http://phpwiki.org