Executive Summary



This alert is flagged as a CWE/SANS Top 25 Common Weakness Enumeration entry.
Summary
Title: New moin packages fix cross-site scripting

Information
Name: DSA-2024
Vendor: Debian
First vendor publication: 2010-03-31
Last vendor modification: 2010-03-31
Severity (vendor): N/A
Revision: 1

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:N/I:P/A:N)
CVSS base score: 5
CVSS impact score: 2.9
CVSS exploit score: 10
Attack range: Network
Attack complexity: Low
Authentication: None required

Detail

Jamie Strandboge discovered that moin, a Python clone of WikiWiki, does not sufficiently sanitize the page name in the "Despam" action, allowing remote attackers to perform cross-site scripting (XSS) attacks.

In addition, this update fixes a minor issue in the "textcha" protection: it could be trivially bypassed by blanking the "textcha-question" and "textcha-answer" form fields.

For the stable distribution (lenny), these problems have been fixed in version 1.7.1-3+lenny4.

For the testing (squeeze) and unstable (sid) distributions, these problems will be fixed soon.

We recommend that you upgrade your moin package.

Original Source

Url : http://www.debian.org/security/2010/dsa-2024

CWE : Common Weakness Enumeration

% Id Name
21 % CWE-78 Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection') (CWE/SANS Top 25)
10 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
6 % CWE-20 Improper Input Validation
4 % CWE-532 Information Leak Through Log Files
4 % CWE-284 Access Control (Authorization) Issues
4 % CWE-276 Incorrect Default Permissions
3 % CWE-788 Access of Memory Location After End of Buffer (CWE/SANS Top 25)
3 % CWE-327 Use of a Broken or Risky Cryptographic Algorithm (CWE/SANS Top 25)
3 % CWE-264 Permissions, Privileges, and Access Controls
3 % CWE-256 Plaintext Storage of a Password
3 % CWE-122 Heap-based Buffer Overflow (CWE/SANS Top 25)
3 % CWE-61 UNIX Symbolic Link (Symlink) Following
3 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
1 % CWE-787 Out-of-bounds Write (CWE/SANS Top 25)
1 % CWE-778 Insufficient Logging (CWE/SANS Top 25)
1 % CWE-732 Incorrect Permission Assignment for Critical Resource (CWE/SANS Top 25)
1 % CWE-640 Weak Password Recovery Mechanism for Forgotten Password
1 % CWE-613 Insufficient Session Expiration
1 % CWE-611 Information Leak Through XML External Entity File Disclosure
1 % CWE-522 Insufficiently Protected Credentials (CWE/SANS Top 25)
1 % CWE-502 Deserialization of Untrusted Data
1 % CWE-451 UI Misrepresentation of Critical Information
1 % CWE-434 Unrestricted Upload of File with Dangerous Type (CWE/SANS Top 25)
1 % CWE-427 Uncontrolled Search Path Element
1 % CWE-416 Use After Free
1 % CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')
1 % CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition
1 % CWE-319 Cleartext Transmission of Sensitive Information
1 % CWE-307 Improper Restriction of Excessive Authentication Attempts (CWE/SANS Top 25)
1 % CWE-306 Missing Authentication for Critical Function (CWE/SANS Top 25)
1 % CWE-290 Authentication Bypass by Spoofing
1 % CWE-285 Improper Access Control (Authorization)
1 % CWE-269 Improper Privilege Management
1 % CWE-119 Failure to Constrain Operations within the Bounds of a Memory Buffer
1 % CWE-89 Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') (CWE/SANS Top 25)
1 % CWE-23 Relative Path Traversal

OVAL Definitions

Definition Id: oval:org.mitre.oval:def:13275
Title: USN-925-1 -- moin vulnerabilities
Description: It was discovered that MoinMoin did not properly sanitize its input when processing Despam actions, resulting in cross-site scripting vulnerabilities. If a privileged wiki user were tricked into performing the Despam action on a page with a crafted title, a remote attacker could exploit this to execute JavaScript code. It was discovered that the TextCha protection in MoinMoin could be bypassed by submitting a crafted form request. This issue only affected Ubuntu 8.10.
Family: unix
Class: patch
Reference(s): USN-925-1, CVE-2010-0828, CVE-2010-1238
Version: 5
Platform(s): Ubuntu 8.04, Ubuntu 8.10, Ubuntu 9.10, Ubuntu 6.06, Ubuntu 9.04
Product(s): moin

Definition Id: oval:org.mitre.oval:def:18244
Title: DSA-2024-1 moin - cross-site scripting
Description: Jamie Strandboge discovered that moin, a Python clone of WikiWiki, does not sufficiently sanitise the page name in "Despam" action, allowing remote attackers to perform cross-site scripting (XSS) attacks.
Family: unix
Class: patch
Reference(s): DSA-2024-1, CVE-2010-0828
Version: 7
Platform(s): Debian GNU/Linux 5.0
Product(s): moin

Definition Id: oval:org.mitre.oval:def:7093
Title: DSA-2024 moin -- insufficient input sanitising
Description: Jamie Strandboge discovered that moin, a Python clone of WikiWiki, does not sufficiently sanitise the page name in "Despam" action, allowing remote attackers to perform cross-site scripting attacks. In addition, this update fixes a minor issue in the "textcha" protection: it could be trivially bypassed by blanking the "textcha-question" and "textcha-answer" form fields.
Family: unix
Class: patch
Reference(s): DSA-2024, CVE-2010-0828
Version: 5
Platform(s): Debian GNU/Linux 5.0
Product(s): moin

CPE : Common Platform Enumeration

Type Description Count
Application 1
Application 1
Application 4
Application 3
Application 4
Application 13
Application 2
Application 3
Os 1

OpenVAS Exploits

Date Description
2012-10-22 Name : Gentoo Security Advisory GLSA 201210-02 (MoinMoin)
File : nvt/glsa_201210_02.nasl
2011-01-24 Name : FreeBSD Ports: moinmoin
File : nvt/freebsd_moinmoin6.nasl
2010-06-18 Name : Fedora Update for moin FEDORA-2010-9857
File : nvt/gb_fedora_2010_9857_moin_fc12.nasl
2010-06-18 Name : Fedora Update for moin FEDORA-2010-9876
File : nvt/gb_fedora_2010_9876_moin_fc11.nasl
2010-04-13 Name : MoinMoin Wiki Security Bypass Vulnerability
File : nvt/gb_moinmoin_wiki_bypass_vuln.nasl
2010-04-13 Name : MoinMoin 'Despam' Action Cross-Site Scripting Vulnerability
File : nvt/gb_moinmoin_wiki_xss_vuln.nasl
2010-04-09 Name : Fedora Update for moin FEDORA-2010-6012
File : nvt/gb_fedora_2010_6012_moin_fc11.nasl
2010-04-09 Name : Fedora Update for moin FEDORA-2010-6134
File : nvt/gb_fedora_2010_6134_moin_fc12.nasl
2010-04-09 Name : Ubuntu Update for moin vulnerabilities USN-925-1
File : nvt/gb_ubuntu_USN_925_1.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
63619 MoinMoin Multiple Field Textcha Protection Mechanism Bypass

63362 MoinMoin Despam.py Page Name XSS

MoinMoin contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the page name upon submission to the Despam.py script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.

Nessus® Vulnerability Scanner

Date Description
2012-10-19 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201210-02.nasl - Type : ACT_GATHER_INFO
2011-01-19 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_4c0173451d8911e0bbee0014a5e3cda6.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-6012.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-6134.nasl - Type : ACT_GATHER_INFO
2010-07-01 Name : The remote Fedora host is missing a security update.
File : fedora_2010-6180.nasl - Type : ACT_GATHER_INFO
2010-04-09 Name : The remote Ubuntu host is missing one or more security-related patches.
File : ubuntu_USN-925-1.nasl - Type : ACT_GATHER_INFO
2010-04-01 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2024.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:29:20
  • Multiple Updates