MoinMoin contains a bug allowing a user to bypass group ACLs (Access Control Lists).
Package | www-apps/moinmoin on all architectures |
---|---|
Affected versions | <= 1.2.1 |
Unaffected versions | >= 1.2.2 |
MoinMoin is a Python clone of WikiWiki, based on PikiPiki.
MoinMoin contains a bug in the code handling administrative group ACLs. A user created with the same name as an administrative group gains the privileges of the administrative group.
If an administrative group called AdminGroup existed an attacker could create a user called AdminGroup and gain the privileges of the group AdminGroup. This could lead to unauthorized users gaining administrative access.
For every administrative group with special privileges create a user with the same name as the group.
All users should upgrade to the latest available version of MoinMoin, as follows:
# emerge sync # emerge -pv ">=www-apps/moinmoin-1.2.2" # emerge ">=www-apps/moinmoin-1.2.2"
Release date
July 11, 2004
Latest revision
May 22, 2006: 02
Severity
normal
Exploitable
remote
Bugzilla entries