Vulnerabilities > CVE-2010-0717 - Configuration vulnerability in Moinmo Moinmoin
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The default configuration of cfg.packagepages_actions_excluded in MoinMoin before 1.8.7 does not prevent unsafe package actions, which has unspecified impact and attack vectors.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201210-02.NASL description The remote host is affected by the vulnerability described in GLSA-201210-02 (MoinMoin: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MoinMoin. Please review the CVE identifiers referenced below for details. Impact : These vulnerabilities in MoinMoin allow remote users to inject arbitrary web script or HTML, to obtain sensitive information and to bypass the textcha protection mechanism. There are several other unknown impacts and attack vectors. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 62632 published 2012-10-19 reporter This script is Copyright (C) 2012-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/62632 title GLSA-201210-02 : MoinMoin: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201210-02. # # The advisory text is Copyright (C) 2001-2015 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(62632); script_version("1.6"); script_cvs_date("Date: 2018/07/11 17:09:26"); script_cve_id("CVE-2010-0668", "CVE-2010-0669", "CVE-2010-0717", "CVE-2010-0828", "CVE-2010-1238", "CVE-2010-2487", "CVE-2010-2969", "CVE-2010-2970", "CVE-2011-1058"); script_bugtraq_id(38023, 39110, 39327, 40549, 46476); script_xref(name:"GLSA", value:"201210-02"); script_name(english:"GLSA-201210-02 : MoinMoin: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201210-02 (MoinMoin: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in MoinMoin. Please review the CVE identifiers referenced below for details. Impact : These vulnerabilities in MoinMoin allow remote users to inject arbitrary web script or HTML, to obtain sensitive information and to bypass the textcha protection mechanism. There are several other unknown impacts and attack vectors. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201210-02" ); script_set_attribute( attribute:"solution", value: "All MoinMoin users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/moinmoin-1.9.4'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:moinmoin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"patch_publication_date", value:"2012/10/18"); script_set_attribute(attribute:"plugin_publication_date", value:"2012/10/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2012-2018 Tenable Network Security, Inc."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"www-apps/moinmoin", unaffected:make_list("ge 1.9.4"), vulnerable:make_list("lt 1.9.4"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "MoinMoin"); }NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-911-1.NASL description It was discovered that several wiki actions and preference settings in MoinMoin were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into MoinMoin, a remote attacker could change the user last seen 2020-06-01 modified 2020-06-02 plugin id 45042 published 2010-03-12 reporter Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45042 title Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : moin vulnerabilities (USN-911-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-911-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(45042); script_version("1.12"); script_cvs_date("Date: 2019/09/19 12:54:26"); script_cve_id("CVE-2010-0668", "CVE-2010-0669", "CVE-2010-0717"); script_bugtraq_id(38023); script_xref(name:"USN", value:"911-1"); script_name(english:"Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : moin vulnerabilities (USN-911-1)"); script_summary(english:"Checks dpkg output for updated packages."); script_set_attribute( attribute:"synopsis", value: "The remote Ubuntu host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "It was discovered that several wiki actions and preference settings in MoinMoin were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into MoinMoin, a remote attacker could change the user's configuration or wiki content. (CVE-2010-0668, CVE-2010-0717) It was discovered that MoinMoin did not properly sanitize its input when processing user preferences. An attacker could enter malicious content which when viewed by a user, could render in unexpected ways. (CVE-2010-0669). Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/911-1/" ); script_set_attribute( attribute:"solution", value: "Update the affected moinmoin-common, python-moinmoin and / or python2.4-moinmoin packages." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:moinmoin-common"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python-moinmoin"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:python2.4-moinmoin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:6.06:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.04"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:9.10"); script_set_attribute(attribute:"vuln_publication_date", value:"2010/02/26"); script_set_attribute(attribute:"patch_publication_date", value:"2010/03/11"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2010-2019 Canonical, Inc. / NASL script (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(6\.06|8\.04|8\.10|9\.04|9\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 6.06 / 8.04 / 8.10 / 9.04 / 9.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"6.06", pkgname:"moinmoin-common", pkgver:"1.5.2-1ubuntu2.5")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"python-moinmoin", pkgver:"1.5.2-1ubuntu2.5")) flag++; if (ubuntu_check(osver:"6.06", pkgname:"python2.4-moinmoin", pkgver:"1.5.2-1ubuntu2.5")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"moinmoin-common", pkgver:"1.5.8-5.1ubuntu2.3")) flag++; if (ubuntu_check(osver:"8.04", pkgname:"python-moinmoin", pkgver:"1.5.8-5.1ubuntu2.3")) flag++; if (ubuntu_check(osver:"8.10", pkgname:"python-moinmoin", pkgver:"1.7.1-1ubuntu1.3")) flag++; if (ubuntu_check(osver:"9.04", pkgname:"python-moinmoin", pkgver:"1.8.2-2ubuntu2.2")) flag++; if (ubuntu_check(osver:"9.10", pkgname:"python-moinmoin", pkgver:"1.8.4-1ubuntu1.1")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "moinmoin-common / python-moinmoin / python2.4-moinmoin"); }NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2014.NASL description Several vulnerabilities have been discovered in moin, a python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0668 Multiple security issues in MoinMoin related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. - CVE-2010-0669 MoinMoin does not properly sanitize user profiles. - CVE-2010-0717 The default configuration of cfg.packagepages_actions_excluded in MoinMoin does not prevent unsafe package actions. In addition, this update fixes an error when processing hierarchical ACLs, which can be exploited to access restricted sub-pages. last seen 2020-06-01 modified 2020-06-02 plugin id 45056 published 2010-03-15 reporter This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/45056 title Debian DSA-2014-1 : moin - several vulnerabilities code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Debian Security Advisory DSA-2014. The text # itself is copyright (C) Software in the Public Interest, Inc. # include("compat.inc"); if (description) { script_id(45056); script_version("1.11"); script_cvs_date("Date: 2019/08/02 13:32:22"); script_cve_id("CVE-2009-4762", "CVE-2010-0668", "CVE-2010-0669", "CVE-2010-0717"); script_bugtraq_id(38023); script_xref(name:"DSA", value:"2014"); script_name(english:"Debian DSA-2014-1 : moin - several vulnerabilities"); script_summary(english:"Checks dpkg output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Debian host is missing a security-related update." ); script_set_attribute( attribute:"description", value: "Several vulnerabilities have been discovered in moin, a python clone of WikiWiki. The Common Vulnerabilities and Exposures project identifies the following problems : - CVE-2010-0668 Multiple security issues in MoinMoin related to configurations that have a non-empty superuser list, the xmlrpc action enabled, the SyncPages action enabled, or OpenID configured. - CVE-2010-0669 MoinMoin does not properly sanitize user profiles. - CVE-2010-0717 The default configuration of cfg.packagepages_actions_excluded in MoinMoin does not prevent unsafe package actions. In addition, this update fixes an error when processing hierarchical ACLs, which can be exploited to access restricted sub-pages." ); script_set_attribute( attribute:"see_also", value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=569975" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2010-0668" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2010-0669" ); script_set_attribute( attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2010-0717" ); script_set_attribute( attribute:"see_also", value:"https://www.debian.org/security/2010/dsa-2014" ); script_set_attribute( attribute:"solution", value: "Upgrade the moin package. For the stable distribution (lenny), these problems have been fixed in version 1.7.1-3+lenny3." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_cwe_id(16); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:moin"); script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0"); script_set_attribute(attribute:"patch_publication_date", value:"2010/03/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2010-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Debian Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("debian_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian"); if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (deb_check(release:"5.0", prefix:"python-moinmoin", reference:"1.7.1-3+lenny3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
References
- http://hg.moinmo.in/moin/1.8/raw-file/1.8.7/docs/CHANGES
- http://moinmo.in/MoinMoinRelease1.8
- http://secunia.com/advisories/38903
- http://www.debian.org/security/2010/dsa-2014
- http://www.openwall.com/lists/oss-security/2010/02/15/2
- http://www.vupen.com/english/advisories/2010/0600
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56595