oss-security April 2010 archive

[oss-security] Debian Moin Question

From: Josh Bressers <bressers_at_nospam>
Date: Mon Apr 05 2010 - 18:25:05 GMT
To: oss-security <oss-security@lists.openwall.com>

Hello everyone,

I just ran across this ID from MITRE:

Name: CVE-2010-1238
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1238
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20100405
Category:
Reference: DEBIAN:DSA-2024
Reference: URL:http://www.debian.org/security/2010/dsa-2024

MoinMoin 1.7.1 allows remote attackers to bypass the textcha
protection mechanism by modifying the textcha-question and
textcha-answer fields to have empty values.

The only data I can find on this is from the Debian DSA, and the
information is quite slim. Can someone shed more light on this flaw?

Thanks.

-- JB