oss-sec mailing list archives

Re: CVE request: MoinMoin Wiki (path traversal vulnerability)
From: Kurt Seifried <kseifried () redhat com>
Date: Sat, 29 Dec 2012 20:41:28 -0700


On 12/29/2012 11:29 AM, Tilmann Haak wrote:
> Hi all,
>
> there is a path traversal issue in MoinMoin wiki (version 1.9.3 -
> 1.9.5). The vulnerability resides in the AttachFile action
> (function _do_attachment_move in action/AttachFile.py). It fails to
> properly sanitize file names.
>
> Details can be found at: http://moinmo.in/SecurityFixes
>
> A fix is available at:
> http://hg.moinmo.in/moin/1.9/rev/3c27131a3c52
>
> Is it possible to get a CVE number for this one?
>
> kind regards, Tilmann

Please use CVE-2012-6080 for this issue.

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

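The class of bug reported in this thread (an attachment-move handler that does not sanitize a client-supplied file name), shown as an added Python example; it is not MoinMoin's code or the referenced fix. The names `naive_target`, `safe_target`, `move_attachment` and the directory layout are hypothetical.

```python
import os
import tempfile

class UnsafeAttachmentName(ValueError):
    """Raised when a requested name would not stay inside the attachment directory."""

def naive_target(attach_dir, requested_name):
    # The pattern behind this bug class: the client-supplied name is joined as-is.
    return os.path.join(attach_dir, requested_name)

def safe_target(attach_dir, requested_name):
    """Return the absolute path for requested_name inside attach_dir, or raise."""
    # Accept only a single path component: no empty name, no dot entries, no NUL.
    if not requested_name or requested_name in (".", "..") or "\x00" in requested_name:
        raise UnsafeAttachmentName(requested_name)
    if "/" in requested_name or "\\" in requested_name:
        raise UnsafeAttachmentName(requested_name)
    base = os.path.realpath(attach_dir)
    candidate = os.path.realpath(os.path.join(base, requested_name))
    # Defence in depth: after symlink resolution the path must still be under base.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafeAttachmentName(requested_name)
    return candidate

def move_attachment(attach_dir, old_name, new_name):
    """Rename an attachment; both names are validated before touching the disk."""
    src = safe_target(attach_dir, old_name)
    dst = safe_target(attach_dir, new_name)
    if os.path.exists(dst):
        raise FileExistsError(dst)
    os.rename(src, dst)
    return dst

def demo():
    # Constructed sample: a temporary tree standing in for a wiki page's attachments.
    with tempfile.TemporaryDirectory() as root:
        attach_dir = os.path.join(root, "pages", "FrontPage", "attachments")
        os.makedirs(attach_dir)
        with open(os.path.join(attach_dir, "notes.txt"), "w") as fh:
            fh.write("constructed sample\n")
        escaped = os.path.realpath(naive_target(attach_dir, "../../outside.txt"))
        naive_escapes = not escaped.startswith(os.path.realpath(attach_dir) + os.sep)
        moved = move_attachment(attach_dir, "notes.txt", "renamed.txt")
        try:
            move_attachment(attach_dir, "renamed.txt", "../../outside.txt")
            blocked = False
        except UnsafeAttachmentName:
            blocked = True
        return naive_escapes, os.path.basename(moved), blocked
```

`demo()` returns whether the naive join left the attachment directory, the name of the legitimately renamed file, and whether the validated handler refused the traversal name.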

