[oss-security] Debian Moin Question

From: Josh Bressers <bressers_at_nospam>
Date: Mon Apr 05 2010 - 18:25:05 GMT
To: oss-security <oss-security@lists.openwall.com>

Hello everyone,

I just ran across this ID from MITRE:

Name: CVE-2010-1238
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1238
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20100405
Category:
Reference: DEBIAN:DSA-2024
Reference: URL:http://www.debian.org/security/2010/dsa-2024

MoinMoin 1.7.1 allows remote attackers to bypass the textcha
protection mechanism by modifying the textcha-question and
textcha-answer fields to have empty values.

The only data I can find on this is from the Debian DSA, and the
information is quite slim. Can someone shed more light on this flaw?

Thanks.

-- JB

This message: [ Message body ]
Next message: Michael Gilbert: "Re: [oss-security] Debian Moin Question"
Previous message: Eugene Teo: "Re: [oss-security] CVE request: kernel: cifs: cifs_create() NULL pointer dereference"
Next in thread: Michael Gilbert: "Re: [oss-security] Debian Moin Question"
Reply: Michael Gilbert: "Re: [oss-security] Debian Moin Question"
Reply: Giuseppe Iuculano: "Re: [oss-security] Debian Moin Question"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ]