Executive Summary



This alert is flagged under the CWE/SANS Top 25 Common Weakness Enumeration.
Summary
Title: MediaWiki: Multiple vulnerabilities
Information
Name: GLSA-201206-09
First vendor publication: 2012-06-21
Vendor: Gentoo
Last vendor modification: 2012-06-21
Severity (vendor): High
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS base score: 7.5
Attack range: Network
CVSS impact score: 6.4
Attack complexity: Low
CVSS exploit score: 10
Authentication: None Required

Detail

Synopsis

Multiple vulnerabilities have been found in MediaWiki, the worst of which leads to remote execution of arbitrary code.

Background

MediaWiki is the wiki web application used on wikipedia.org.

Description

Multiple vulnerabilities have been discovered in MediaWiki. Please review the CVE identifiers referenced below for details.

Impact

MediaWiki allows remote attackers to bypass authentication, to perform imports from any wgImportSources wiki via a crafted POST request, to conduct cross-site scripting (XSS) attacks, to inject arbitrary web script or HTML, to conduct clickjacking attacks, to execute arbitrary PHP code, to bypass intended access restrictions and to obtain sensitive information.

Workaround

There is no known workaround at this time.

Resolution

All MediaWiki users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/mediawiki-1.18.2"

References

[ 1 ] CVE-2010-2787 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2787
[ 2 ] CVE-2010-2788 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2788
[ 3 ] CVE-2010-2789 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2010-2789
[ 4 ] CVE-2011-0003 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0003
[ 5 ] CVE-2011-0047 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0047
[ 6 ] CVE-2011-0537 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-0537
[ 7 ] CVE-2011-1579 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1579
[ 8 ] CVE-2011-1580 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1580
[ 9 ] CVE-2011-1766 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2011-1766
[ 10 ] CVE-2012-1578 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1578
[ 11 ] CVE-2012-1579 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1579
[ 12 ] CVE-2012-1580 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1580
[ 13 ] CVE-2012-1581 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1581
[ 14 ] CVE-2012-1582 : http://nvd.nist.gov/nvd.cfm?cvename=CVE-2012-1582

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-201206-09.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-201206-09.xml

CWE : Common Weakness Enumeration

% Id Name
21 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)
21 % CWE-20 Improper Input Validation
14 % CWE-352 Cross-Site Request Forgery (CSRF) (CWE/SANS Top 25)
14 % CWE-200 Information Exposure
7 % CWE-287 Improper Authentication
7 % CWE-264 Permissions, Privileges, and Access Controls
7 % CWE-94 Failure to Control Generation of Code ('Code Injection')
7 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 205

OpenVAS Exploits

Date Description
2012-08-10 Name : Gentoo Security Advisory GLSA 201206-09 (MediaWiki)
File : nvt/glsa_201206_09.nasl
2012-02-11 Name : Debian Security Advisory DSA 2366-1 (mediawiki)
File : nvt/deb_2366_1.nasl
2011-05-23 Name : Fedora Update for mediawiki FEDORA-2011-6774
File : nvt/gb_fedora_2011_6774_mediawiki_fc14.nasl
2011-05-23 Name : Fedora Update for mediawiki FEDORA-2011-6775
File : nvt/gb_fedora_2011_6775_mediawiki_fc13.nasl
2011-05-11 Name : MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability
File : nvt/gb_mediawiki_profileinfo_xss_vuln.nasl
2011-05-05 Name : Fedora Update for mediawiki FEDORA-2011-5807
File : nvt/gb_fedora_2011_5807_mediawiki_fc13.nasl
2011-05-05 Name : Fedora Update for mediawiki FEDORA-2011-5812
File : nvt/gb_fedora_2011_5812_mediawiki_fc14.nasl
2011-03-05 Name : FreeBSD Ports: mediawiki
File : nvt/freebsd_mediawiki6.nasl
2011-03-04 Name : MediaWiki Frames Processing Clickjacking Information Disclosure Vulnerability
File : nvt/gb_mediawiki_clickjacking_vuln.nasl
2011-02-03 Name : MediaWiki CSS Comments Cross Site Scripting Vulnerability
File : nvt/gb_mediawiki_46108.nasl
2010-08-02 Name : MediaWiki 'api.php' Information Disclosure Vulnerability
File : nvt/gb_MediaWiki_42019.nasl
2010-08-02 Name : MediaWiki 'profileinfo.php' Cross Site Scripting Vulnerability
File : nvt/gb_MediaWiki_42024.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
74621 MediaWiki Transwiki Import wgImportSources Crafted POST Request Remote Import...

74620 MediaWiki Wikitext Parser includes/Sanitizer.php checkCss Function Hex String...

74613 MediaWiki wgBlockDisablesLogin includes/User.php Auth Token Cached Data Multi...

73157 MediaWiki MediaWikiParserTest.php Unspecified Parameter Remote File Inclusion

70799 MediaWiki includes/StubObject.php Language::factory Function Traversal Local ...

MediaWiki contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'includes/StubObject.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'Language::factory' function. This may allow an attacker to include a PHP file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
70798 MediaWiki languages/Language.php Language::factory Function Traversal Local F...

MediaWiki contains a flaw that may allow a remote attacker to execute arbitrary commands or code. The issue is due to the 'languages/Language.php' script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied to the 'Language::factory' function. This may allow an attacker to include a PHP file from the targeted host that contains arbitrary commands or code that will be executed by the vulnerable script. Such attacks are limited due to the script only calling files already on the target host. In addition, this flaw can potentially be used to disclose the contents of any file on the system accessible by the web server.
70770 MediaWiki CSS Comments XSS

MediaWiki contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain input passed via CSS Comments before it is displayed to the user. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
70272 MediaWiki Multiple Unspecified Function Clickjacking

MediaWiki contains a clickjacking flaw. The issue is triggered when an attacker displays the target webpage in an iframe embedded in a malicious website. This may allow a context-dependent attacker to trick a user into clicking a malicious button or link, potentially resulting in total account compromise.
66652 MediaWiki profileinfo.php filter Parameter XSS

MediaWiki contains a flaw that allows a remote cross site scripting (XSS) attack. This flaw exists because the application does not validate the 'filter' parameter upon submission to the 'profileinfo.php' script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server.
66651 MediaWiki api.php Cache-Control HTTP Header Information Disclosure

MediaWiki contains a flaw that may lead to an unauthorized information disclosure.  The issue is triggered when an API operation is requested from 'api.php' via URL or POST parameters, causing the response to contain 'public' cache control headers, which will disclose data to a remote attacker using the same caching HTTP proxy or a local attacker.
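
The Language::factory traversal described in entries 70799 and 70798 above comes down to a user-supplied language code reaching a file include without validation. The PHP below is an added example of the defensive pattern, not MediaWiki's code or its actual fix: resolveLanguageFile(), the Language<Code>.php file layout and the temporary directory are assumptions made for illustration.

```php
<?php
// Added example; not MediaWiki code. resolveLanguageFile() and the
// Language<Code>.php file layout are hypothetical names for illustration.

/** Map a user-supplied language code to a class file inside $baseDir, or null. */
function resolveLanguageFile(string $code, string $baseDir): ?string
{
    // 1. Allow-list the shape of the code before it touches a path:
    //    letters, digits and hyphens only, so "/", "\", "." and NUL never pass.
    //    The /D modifier stops "$" from matching before a trailing newline.
    if (!preg_match('/^[a-z]{2,3}(?:-[a-z0-9]{2,8})*$/D', $code)) {
        return null;
    }

    // 2. Build the file name from the validated code only.
    $name = 'Language' . ucfirst(str_replace('-', '_', $code)) . '.php';

    // 3. Defence in depth: canonicalise and confirm the result is still
    //    inside the base directory (catches symlinks and later regressions).
    $realBase = realpath($baseDir);
    $realFile = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($realBase === false || $realFile === false) {
        return null; // directory or file does not exist
    }
    $prefix = $realBase . DIRECTORY_SEPARATOR;
    if (strncmp($realFile, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $realFile; // safe to hand to require_once
}

// Constructed demo: a throwaway directory holding one language file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'lang_demo_' . getmypid();
mkdir($base);
file_put_contents($base . '/LanguageEn.php', "<?php // constructed placeholder\n");

// Constructed inputs: one valid code, one valid-looking code with no file,
// and three that must never reach the filesystem.
$inputs = ['en', 'pt-br', '../../LanguageEn', "en\0", "en\n"];
foreach ($inputs as $input) {
    $file = resolveLanguageFile($input, $base);
    printf("%-22s => %s\n", json_encode($input),
        $file === null ? 'rejected' : basename($file));
}

unlink($base . '/LanguageEn.php');
rmdir($base);
```

The shape check is the primary control; the realpath containment test only matters if the allow-list is later loosened or the directory contains symlinks.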

Nessus® Vulnerability Scanner

Date Description
2012-06-22 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-201206-09.nasl - Type : ACT_GATHER_INFO
2012-05-02 Name : The remote web server contains a PHP application that is affected by multiple...
File : mediawiki_1_18_2.nasl - Type : ACT_GATHER_INFO
2012-01-12 Name : The remote Debian host is missing a security-related update.
File : debian_DSA-2366.nasl - Type : ACT_GATHER_INFO
2011-05-23 Name : The remote Fedora host is missing a security update.
File : fedora_2011-6774.nasl - Type : ACT_GATHER_INFO
2011-05-23 Name : The remote Fedora host is missing a security update.
File : fedora_2011-6775.nasl - Type : ACT_GATHER_INFO
2011-05-19 Name : The remote Fedora host is missing a security update.
File : fedora_2011-6781.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote Fedora host is missing a security update.
File : fedora_2011-5807.nasl - Type : ACT_GATHER_INFO
2011-05-02 Name : The remote Fedora host is missing a security update.
File : fedora_2011-5812.nasl - Type : ACT_GATHER_INFO
2011-04-27 Name : The remote Fedora host is missing a security update.
File : fedora_2011-5848.nasl - Type : ACT_GATHER_INFO
2011-04-22 Name : The remote Fedora host is missing a security update.
File : fedora_2011-5495.nasl - Type : ACT_GATHER_INFO
2011-04-15 Name : The remote web server hosts a version of MediaWiki that is affected by a cros...
File : mediawiki_1_16_3.nasl - Type : ACT_ATTACK
2011-02-16 Name : The remote web server hosts a version of MediaWiki vulnerable to a cross-site...
File : mediawiki_1_16_2.nasl - Type : ACT_ATTACK
2011-02-09 Name : The remote FreeBSD host is missing a security-related update.
File : freebsd_pkg_8d04cfbd344d11e086690025222482c5.nasl - Type : ACT_GATHER_INFO
2010-07-29 Name : A web application running on the remote host is affected by a cross-site scri...
File : mediawiki_profileinfo_xss.nasl - Type : ACT_ATTACK

Alert History

Date Information
2014-02-17 11:37:22
  • Multiple Updates