Re: [oss-security] CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1

From: Josh Bressers <bressers_at_nospam>
Date: Thu Feb 03 2011 - 16:10:22 GMT
To: oss-security@lists.openwall.com

Please use CVE-2011-0537

Thanks.

-- JB ----- Original Message ----- > Greetings, > > MediaWiki 1.16.2 was just released as a security update for two > vulnerabilities. One already has a CVE, but this one still needs one: > > "An arbitrary script inclusion vulnerability was discovered. The > vulnerability only allows execution of files with names ending in > ".php" which are already present in the local filesystem. Only servers > running Microsoft Windows and possibly Novell Netware are affected. > Despite these mitigating factors, all users are advised to upgrade, > since there is a risk of complete server compromise. MediaWiki 1.8.0 > and later is affected. For more details, see bug 27094" > > https://bugzilla.wikimedia.org/show_bug.cgi?id=27094 > > Thanks, > ~reed > > -- > Reed Loden > reed@reedloden.com

This message: [ Message body ]
Next message: Josh Bressers: "Re: [oss-security] CVE request: fuse"
Previous message: Josh Bressers: "Re: [oss-security] CVE request: glibc CVE-2010-3847 fix regression"
In reply to: Reed Loden: "[oss-security] CVE request: Server-side arbitrary script inclusion vulnerability in MediaWiki <=1.16.1"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]