1. Gentoo Linux Security Advisory
| Advisory Reference | GLSA 200408-25 / MoinMoin |
| Release Date | August 26, 2004 |
| Latest Revision | May 22, 2006: 02 |
| Impact | normal |
| Exploitable | remote |
| Package | Vulnerable versions | Unaffected versions | Architecture(s) |
| www-apps/moinmoin | <= 1.2.2 | >= 1.2.3 | All supported architectures |
Related bugreports: #57913
MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access Control Lists) and carry out operations that should be limited to authorized users.
MoinMoin is a Python clone of WikiWiki, based on PikiPiki.
MoinMoin contains two unspecified bugs, one allowing anonymous users elevated access when not using ACLs, and the other in the ACL handling in the PageEditor.
Restrictions on anonymous users were not properly enforced. This could lead to unauthorized users gaining administrative access to functions such as "revert" and "delete". Sites are vulnerable whether or not they are using ACLs.
There is no known workaround.
All users should upgrade to the latest available version of MoinMoin, as follows:
Code Listing 3.1: Resolution |
# emerge sync # emerge -pv ">=www-apps/moinmoin-1.2.3" # emerge ">=www-apps/moinmoin-1.2.3" |