CVE-2008-0782

Published: 14 February 2008

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.

Priority

Status

Package	Release	Status
moin Launchpad, Ubuntu, Debian	dapper	Released (1.5.2-1ubuntu2.4)
	edgy	Ignored (end of life, was needed)
	feisty	Ignored (end of life, was needed)
	gutsy	Released (1.5.7-3ubuntu2.1)
	hardy	Released (1.5.8-5.1ubuntu2.2)
	intrepid	Not vulnerable
	upstream	Needed
	Patches: vendor: http://www.debian.org/security/2008/dsa-1514 other: http://hg.moinmo.in/moin/1.5/rev/e69a16b6e630

References

https://ubuntu.com/security/notices/USN-716-1
https://www.cve.org/CVERecord?id=CVE-2008-0782
NVD
Launchpad
Debian

Bugs

https://bugs.launchpad.net/bugs/200897

Join the discussion

Ubuntu security updates mailing list
Security announcements mailing list

Canonical is offering Expanded Security Maintenance

Canonical is offering Ubuntu Expanded Security Maintenance (ESM) for security fixes and essential packages.

Find out more about ESM ›