CVE-2008-6549
Published: 30 March 2009
The password_checker function in config/multiconfig.py in MoinMoin 1.6.1 uses the cracklib and python-crack features even though they are not thread-safe, which allows remote attackers to cause a denial of service (segmentation fault and crash) via unknown vectors.
Priority
Status
Package | Release | Status |
---|---|---|
moin Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
gutsy |
Ignored
(end of life, was needed)
|
|
hardy |
Not vulnerable
(code not present)
|
|
intrepid |
Not vulnerable
(1.7.1-1ubuntu1.1)
|
|
jaunty |
Not vulnerable
(1.8.2-2ubuntu2)
|
|
upstream |
Released
(1.6.2)
|
|
Patches: upstream: http://hg.moinmo.in/moin/1.6/rev/49db7eb1d421 |