Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0438)

Anfälligkeitssuche		Suche in 324607 CVE Beschreibungen und 145615 Test Beschreibungen, Zugriff auf 10,000+ Quellverweise.
	Tests CVE Alle

Test Kennung: 1.3.6.1.4.1.25623.1.1.10.2014.0438

Kategorie: Mageia Linux Local Security Checks

Titel: Mageia: Security Advisory (MGASA-2014-0438)

Zusammenfassung: The remote host is missing an update for the 'dokuwiki' package(s) announced via the MGASA-2014-0438 advisory.

Beschreibung: Summary:
The remote host is missing an update for the 'dokuwiki' package(s) announced via the MGASA-2014-0438 advisory.

Vulnerability Insight:
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the
root namespace, which allows remote attackers to access arbitrary images via a
media file details ajax call (CVE-2014-8761).

The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote
attackers to access arbitrary images via a crafted namespace in the ns
parameter (CVE-2014-8762).

DokuWiki before 2014-05-05b, when using Active Directory for LDAP
authentication, allows remote attackers to bypass authentication via a
password starting with a null (\0) character and a valid user name, which
triggers an unauthenticated bind (CVE-2014-8763).

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP
authentication, allows remote attackers to bypass authentication via a user
name and password starting with a null (\0) character, which triggers an
anonymous bind (CVE-2014-8764).

Affected Software/OS:
'dokuwiki' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Querverweis: Common Vulnerability Exposure (CVE) ID: CVE-2014-8761
Debian Security Information: DSA-3059 (Google Search)
http://www.debian.org/security/2014/dsa-3059
https://bugs.dokuwiki.org/index.php?do=details&task_id=2647#comment6204
http://www.openwall.com/lists/oss-security/2014/10/13/3
http://www.openwall.com/lists/oss-security/2014/10/16/9
http://secunia.com/advisories/61983
Common Vulnerability Exposure (CVE) ID: CVE-2014-8762
BugTraq ID: 70404
http://www.securityfocus.com/bid/70404
Common Vulnerability Exposure (CVE) ID: CVE-2014-8763
http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
Common Vulnerability Exposure (CVE) ID: CVE-2014-8764

Copyright Copyright (C) 2022 Greenbone AG

Dies ist nur einer von 145615 Anfälligkeitstests in unserem Testpaket. Finden Sie mehr über unsere vollständigen Sicherheitsüberprüfungen heraus.
Um einen gratis Test für diese Anfälligkeit auf Ihrem System durchlaufen zu lassen, registrieren Sie sich bitte unten.

Test Kennung:	1.3.6.1.4.1.25623.1.1.10.2014.0438
Kategorie:	Mageia Linux Local Security Checks
Titel:	Mageia: Security Advisory (MGASA-2014-0438)
Zusammenfassung:	The remote host is missing an update for the 'dokuwiki' package(s) announced via the MGASA-2014-0438 advisory.
Beschreibung:	Summary: The remote host is missing an update for the 'dokuwiki' package(s) announced via the MGASA-2014-0438 advisory. Vulnerability Insight: inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call (CVE-2014-8761). The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter (CVE-2014-8762). DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind (CVE-2014-8763). DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind (CVE-2014-8764). Affected Software/OS: 'dokuwiki' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Querverweis:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8761 Debian Security Information: DSA-3059 (Google Search) http://www.debian.org/security/2014/dsa-3059 https://bugs.dokuwiki.org/index.php?do=details&task_id=2647#comment6204 http://www.openwall.com/lists/oss-security/2014/10/13/3 http://www.openwall.com/lists/oss-security/2014/10/16/9 http://secunia.com/advisories/61983 Common Vulnerability Exposure (CVE) ID: CVE-2014-8762 BugTraq ID: 70404 http://www.securityfocus.com/bid/70404 Common Vulnerability Exposure (CVE) ID: CVE-2014-8763 http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication Common Vulnerability Exposure (CVE) ID: CVE-2014-8764
Copyright	Copyright (C) 2022 Greenbone AG