Vulnerabilities > CVE-2010-0668 - Unspecified vulnerability in Moinmo Moinmoin

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN
moinmo
nessus

Summary

Unspecified vulnerability in MoinMoin 1.5.x through 1.7.x, 1.8.x before 1.8.7, and 1.9.x before 1.9.2 has unknown impact and attack vectors, related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-3263.NASL
    descriptionNew upstream release containing security fixes for CVE-2010-0668 and CVE-2010-0669 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47304
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47304
    titleFedora 13 : moin-1.9.2-1.fc13 (2010-3263)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2010-3263.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(47304);
      script_version("1.9");
      script_cvs_date("Date: 2019/08/02 13:32:32");
    
      script_cve_id("CVE-2010-0669");
      script_bugtraq_id(38023);
      script_xref(name:"FEDORA", value:"2010-3263");
    
      script_name(english:"Fedora 13 : moin-1.9.2-1.fc13 (2010-3263)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New upstream release containing security fixes for CVE-2010-0668 and
    CVE-2010-0669
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=565604"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2010-March/036843.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7683f52b"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected moin package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:moin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:13");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2010/03/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2010/07/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2010-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^13([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 13.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC13", reference:"moin-1.9.2-1.fc13")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moin");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-1712.NASL
    description - Fixed major security issues in miscellaneous parts of moin - http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES - http://secunia.com/advisories/38444/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47264
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47264
    titleFedora 12 : moin-1.8.7-1.fc12 (2010-1712)
  • NASL familyGentoo Local Security Checks
    NASL idGENTOO_GLSA-201210-02.NASL
    descriptionThe remote host is affected by the vulnerability described in GLSA-201210-02 (MoinMoin: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MoinMoin. Please review the CVE identifiers referenced below for details. Impact : These vulnerabilities in MoinMoin allow remote users to inject arbitrary web script or HTML, to obtain sensitive information and to bypass the textcha protection mechanism. There are several other unknown impacts and attack vectors. Workaround : There is no known workaround at this time.
    last seen2020-06-01
    modified2020-06-02
    plugin id62632
    published2012-10-19
    reporterThis script is Copyright (C) 2012-2018 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/62632
    titleGLSA-201210-02 : MoinMoin: Multiple vulnerabilities
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-911-1.NASL
    descriptionIt was discovered that several wiki actions and preference settings in MoinMoin were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into MoinMoin, a remote attacker could change the user
    last seen2020-06-01
    modified2020-06-02
    plugin id45042
    published2010-03-12
    reporterUbuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45042
    titleUbuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : moin vulnerabilities (USN-911-1)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2010-1743.NASL
    description - Fixed major security issues in miscellaneous parts of moin - http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES - http://secunia.com/advisories/38444/ Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id47269
    published2010-07-01
    reporterThis script is Copyright (C) 2010-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/47269
    titleFedora 11 : moin-1.8.7-1.fc11 (2010-1743)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DSA-2014.NASL
    descriptionSeveral vulnerabilities have been discovered in moin, a python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0668 Multiple security issues in MoinMoin related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. - CVE-2010-0669 MoinMoin does not properly sanitize user profiles. - CVE-2010-0717 The default configuration of cfg.packagepages_actions_excluded in MoinMoin does not prevent unsafe package actions. In addition, this update fixes an error when processing hierarchical ACLs, which can be exploited to access restricted sub-pages.
    last seen2020-06-01
    modified2020-06-02
    plugin id45056
    published2010-03-15
    reporterThis script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/45056
    titleDebian DSA-2014-1 : moin - several vulnerabilities

References