
MoinMoin: Multiple vulnerabilities


1.  Gentoo Linux Security Advisory

Version Information

Advisory Reference: GLSA 200803-27 / moinmoin
Release Date: March 18, 2008
Latest Revision: March 18, 2008: 01
Impact: normal
Exploitable: remote

Package: www-apps/moinmoin
Vulnerable versions: < 1.6.1
Unaffected versions: >= 1.6.1
Architecture(s): All supported architectures

Related bugreports: #209133


Several vulnerabilities have been reported in the MoinMoin Wiki Engine.

2.  Impact Information


MoinMoin is an advanced, easy to use and extensible Wiki Engine.


Multiple vulnerabilities have been discovered:

  • A vulnerability exists in the file because the _macro_Getval function does not properly enforce ACLs (CVE-2008-1099).
  • A directory traversal vulnerability exists in the userform action (CVE-2008-0782).
  • A Cross-Site Scripting vulnerability exists in the login action (CVE-2008-0780).
  • Multiple Cross-Site Scripting vulnerabilities exist in the file action/ when using the message, pagename, and target filenames (CVE-2008-0781).
  • Multiple Cross-Site Scripting vulnerabilities exist in formatter/ (aka the gui editor formatter) which can be exploited via a page name or destination page name, which trigger an injection in the file (CVE-2008-1098).


These vulnerabilities can be exploited to allow remote attackers to inject arbitrary web script or HTML, overwrite arbitrary files, or read protected pages.

3.  Resolution Information


There is no known workaround at this time.


All MoinMoin users should upgrade to the latest version:

Code Listing 3.1: Resolution

# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.6.1"
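
To confirm before and after the upgrade whether a host is inside the affected range, the following added example (not part of the advisory or of Gentoo's tooling) compares installed www-apps/moinmoin versions against the 1.6.1 threshold given above. The function names are hypothetical, /var/db/pkg is assumed to be Portage's installed-package database, and version components are assumed to be purely numeric.

```shell
#!/bin/sh
# Added example: is an installed www-apps/moinmoin inside the affected range
# of GLSA 200803-27 (vulnerable < 1.6.1, unaffected >= 1.6.1)?
# Function names are hypothetical; /var/db/pkg is assumed as Portage's VDB path.
FIXED="1.6.1"

# ver_lt A B: succeed if dotted numeric version A is older than B.
ver_lt() {
    rest_a=$1; rest_b=$2
    while [ -n "$rest_a" ] || [ -n "$rest_b" ]; do
        x=${rest_a%%.*}; y=${rest_b%%.*}
        case $rest_a in *.*) rest_a=${rest_a#*.} ;; *) rest_a= ;; esac
        case $rest_b in *.*) rest_b=${rest_b#*.} ;; *) rest_b= ;; esac
        # A missing component counts as 0, so 1.6 is older than 1.6.1.
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
    done
    return 1
}

# is_vulnerable VERSION: succeed if VERSION is older than the fixed release.
is_vulnerable() {
    v=${1%-r[0-9]*}   # drop the Gentoo revision, e.g. 1.5.8-r1 -> 1.5.8
    base=${v%%_*}     # drop a suffix such as _rc1
    ver_lt "$base" "$FIXED" && return 0
    if [ "$base" = "$FIXED" ]; then
        # A pre-release of the fixed version still sorts before it.
        case $v in *_alpha*|*_beta*|*_pre*|*_rc*) return 0 ;; esac
    fi
    return 1
}

# report [VDB_ROOT]: print one verdict per installed moinmoin version.
report() {
    for d in "${1:-/var/db/pkg}"/www-apps/moinmoin-[0-9]*; do
        [ -d "$d" ] || continue
        ver=${d##*/moinmoin-}
        if is_vulnerable "$ver"; then
            echo "www-apps/moinmoin-$ver: VULNERABLE, upgrade to >= $FIXED"
        else
            echo "www-apps/moinmoin-$ver: not affected"
        fi
    done
}

report
```

No output means no www-apps/moinmoin entry was found under the package database path.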

4.  References


Page updated March 18, 2008
