blob: e97fe626c67edc79f7704f05344cd2c2b0e6c6cb [file] [log] [blame]
<?xml version="1.0" encoding="utf-8"?>
<glsa id="200411-33">
<title>TWiki: Arbitrary command execution</title>
A bug in the TWiki search function allows an attacker to execute arbitrary
commands with the permissions of the user running TWiki.
<product type="ebuild">www-apps/twiki</product>
<announced>November 24, 2004</announced>
<revised>September 08, 2006: 02</revised>
<package name="www-apps/twiki" auto="yes" arch="*">
<unaffected range="ge">20040902 </unaffected>
<unaffected range="lt">20000000</unaffected>
<vulnerable range="lt">20040902 </vulnerable>
TWiki is a Web-based groupware tool based around the concept of wiki
pages that can be edited by anybody with a Web browser.
The TWiki search function, which uses a shell command executed via the
Perl backtick operator, does not properly escape shell metacharacters
in the user-provided search string.
<impact type="high">
An attacker can insert malicious commands into a search request,
allowing the execution of arbitrary commands with the privileges of the
user running TWiki (usually the Web server user).
There is no known workaround at this time.
All TWiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose &quot;&gt;=www-apps/twiki-20040902&quot;</code>
<uri link="">TWiki Security Alert</uri>
<uri link="">CAN-2004-1037</uri>
<metadata tag="requester" timestamp="Mon, 22 Nov 2004 17:14:35 +0000">
<metadata tag="submitter" timestamp="Mon, 22 Nov 2004 23:25:58 +0000">
<metadata tag="bugReady" timestamp="Wed, 24 Nov 2004 08:52:40 +0000">