Mageia Linux Local Security Checks : Mageia: Security Advisory (MGASA-2014-0438)

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.1.10.2014.0438

Categoría: Mageia Linux Local Security Checks

Título: Mageia: Security Advisory (MGASA-2014-0438)

Resumen: The remote host is missing an update for the 'dokuwiki' package(s) announced via the MGASA-2014-0438 advisory.

Descripción: Summary:
The remote host is missing an update for the 'dokuwiki' package(s) announced via the MGASA-2014-0438 advisory.

Vulnerability Insight:
inc/template.php in DokuWiki before 2014-05-05a only checks for access to the
root namespace, which allows remote attackers to access arbitrary images via a
media file details ajax call (CVE-2014-8761).

The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote
attackers to access arbitrary images via a crafted namespace in the ns
parameter (CVE-2014-8762).

DokuWiki before 2014-05-05b, when using Active Directory for LDAP
authentication, allows remote attackers to bypass authentication via a
password starting with a null (\0) character and a valid user name, which
triggers an unauthenticated bind (CVE-2014-8763).

DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP
authentication, allows remote attackers to bypass authentication via a user
name and password starting with a null (\0) character, which triggers an
anonymous bind (CVE-2014-8764).

Affected Software/OS:
'dokuwiki' package(s) on Mageia 3, Mageia 4.

Solution:
Please install the updated package(s).

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:N/I:P/A:N

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2014-8761
Debian Security Information: DSA-3059 (Google Search)
http://www.debian.org/security/2014/dsa-3059
https://bugs.dokuwiki.org/index.php?do=details&task_id=2647#comment6204
http://www.openwall.com/lists/oss-security/2014/10/13/3
http://www.openwall.com/lists/oss-security/2014/10/16/9
http://secunia.com/advisories/61983
Common Vulnerability Exposure (CVE) ID: CVE-2014-8762
BugTraq ID: 70404
http://www.securityfocus.com/bid/70404
Common Vulnerability Exposure (CVE) ID: CVE-2014-8763
http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication
Common Vulnerability Exposure (CVE) ID: CVE-2014-8764

Copyright Copyright (C) 2022 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.1.10.2014.0438
Categoría:	Mageia Linux Local Security Checks
Título:	Mageia: Security Advisory (MGASA-2014-0438)
Resumen:	The remote host is missing an update for the 'dokuwiki' package(s) announced via the MGASA-2014-0438 advisory.
Descripción:	Summary: The remote host is missing an update for the 'dokuwiki' package(s) announced via the MGASA-2014-0438 advisory. Vulnerability Insight: inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call (CVE-2014-8761). The ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter (CVE-2014-8762). DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind (CVE-2014-8763). DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind (CVE-2014-8764). Affected Software/OS: 'dokuwiki' package(s) on Mageia 3, Mageia 4. Solution: Please install the updated package(s). CVSS Score: 5.0 CVSS Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2014-8761 Debian Security Information: DSA-3059 (Google Search) http://www.debian.org/security/2014/dsa-3059 https://bugs.dokuwiki.org/index.php?do=details&task_id=2647#comment6204 http://www.openwall.com/lists/oss-security/2014/10/13/3 http://www.openwall.com/lists/oss-security/2014/10/16/9 http://secunia.com/advisories/61983 Common Vulnerability Exposure (CVE) ID: CVE-2014-8762 BugTraq ID: 70404 http://www.securityfocus.com/bid/70404 Common Vulnerability Exposure (CVE) ID: CVE-2014-8763 http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication Common Vulnerability Exposure (CVE) ID: CVE-2014-8764
Copyright	Copyright (C) 2022 Greenbone AG