Vulnerabilities > CVE-2013-4568 - HTML Injection vulnerability in Mediawiki CSS Tags

047910
CVSS 4.3 - MEDIUM
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
mediawiki
nessus

Summary

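Incomplete blacklist vulnerability in Sanitizer::checkCss in MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via certain non-ASCII characters in CSS, as demonstrated using variations of "expression" containing (1) full width characters or (2) IPA extensions, which are converted and rendered by Internet Explorer. Per: http://cwe.mitre.org/data/definitions/184.html "CWE-184: Incomplete Blacklist". A later advisory listed on this page (MDVSA-2014:057) reports that the fix for this issue still allowed escaped CSS values to pass the CSS validation checks (CVE-2013-6451), so the releases named here should not be read as the last fix for the CSS sanitizer.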

Vulnerable Configurations

Part Description Count
Application
Mediawiki
214

Nessus

  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2013-290.NASL
    description: Updated mediawiki packages fix security vulnerabilities : Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist (CVE-2013-4567, CVE-2013-4568). [...]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71510
    published: 2013-12-18
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71510
    title: Mandriva Linux Security Advisory : mediawiki (MDVSA-2013:290)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2013:290. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set the script only records the
    # metadata below and returns at exit(0); none of the host checks further
    # down run in this pass.
    if (description)
    {
      script_id(71510);
      script_version("1.6");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      # One plugin covers all three CVEs of the advisory: the two CSS-sanitizer
      # bypasses and the cached-session-cookie issue described below.
      script_cve_id("CVE-2013-4567", "CVE-2013-4568", "CVE-2013-4572");
      script_bugtraq_id(63757, 63760, 63761);
      script_xref(name:"MDVSA", value:"2013:290");
    
      script_name(english:"Mandriva Linux Security Advisory : mediawiki (MDVSA-2013:290)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mediawiki packages fix security vulnerabilities :
    
    Kevin Israel (Wikipedia user PleaseStand) identified and reported two
    vectors for injecting JavaScript in CSS that bypassed MediaWiki's
    blacklist (CVE-2013-4567, CVE-2013-4568).
    
    Internal review while debugging a site issue discovered that MediaWiki
    and the CentralNotice extension were incorrectly setting cache headers
    when a user was autocreated, causing the user's session cookies to be
    cached, and returned to other users (CVE-2013-4572)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2013-0368.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # NOTE(review): the base vector scores integrity only (C:N/I:P/A:N), which
      # fits the XSS CVEs; the description also covers session cookies being
      # returned to other users (CVE-2013-4572), a confidentiality impact.
      # Confirm whether the plugin-level vector should reflect that CVE as well.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the finding is derived from the host's installed-package list
      # (see the required KB keys below), not from probing the wiki over HTTP.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mediawiki");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mediawiki-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mediawiki-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mediawiki-sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/12/17");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/18");
      script_end_attributes();
    
      # Registered as an information-gathering check.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      # The check body reads these KB keys; presumably ssh_get_info.nasl is what
      # fills them in during an authenticated scan -- verify.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
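    # Preconditions for the package check. Each audit() call reports why the
    # check cannot run (presumably ending the script -- see audit.inc), so the
    # order decides which reason is shown when several apply.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Message fixed: the OS name was misspelled "Mandake" here, while the
    # architecture audit below already spells it "Mandrake".
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86 architectures are handled; any other value is reported as
    # "local checks not implemented".
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # Compare each mediawiki package against the fixed build named in
    # MDVSA-2013:290. rpm_check() comes from rpm.inc; presumably it is true when
    # the installed build is older than the reference -- verify.
    # `flag` counts the packages that are behind.
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", reference:"mediawiki-1.20.8-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"mediawiki-mysql-1.20.8-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"mediawiki-pgsql-1.20.8-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"mediawiki-sqlite-1.20.8-1.mbs1")) flag++;
    
    
    # NOTE(review): "not affected" below means the 1.20.8 package level only.
    # The later advisory MDVSA-2014:057 reports that the CVE-2013-4568 fix could
    # still be bypassed with escaped CSS values (CVE-2013-6451), so a host that
    # passes this check still needs that later update.
    if (flag)
    {
      # Verbose scans attach the rpm report; otherwise a bare warning is raised.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");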
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-21856.NASL
    description: - Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist (CVE-2013-4567, CVE-2013-4568). [...]
    last seen: 2020-03-17
    modified: 2013-12-02
    plugin id: 71149
    published: 2013-12-02
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71149
    title: Fedora 19 : mediawiki-1.21.3-1.fc19 (2013-21856)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-21856.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set the script only records the
    # metadata below and returns at exit(0); the package check further down does
    # not run in this pass.
    if (description)
    {
      script_id(71149);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # NOTE(review): the description below also names CVE-2013-4573
      # (ZeroRatedMobileAccess XSS), which is not in this list -- confirm whether
      # the omission is intended.
      script_cve_id("CVE-2012-5394", "CVE-2013-4567", "CVE-2013-4568", "CVE-2013-4569", "CVE-2013-4572");
      script_bugtraq_id(63757, 63760, 63761);
      script_xref(name:"FEDORA", value:"2013-21856");
    
      script_name(english:"Fedora 19 : mediawiki-1.21.3-1.fc19 (2013-21856)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Kevin Israel (Wikipedia user PleaseStand) identified and
        reported two vectors for injecting JavaScript in CSS
        that bypassed MediaWiki's blacklist (CVE-2013-4567,
        CVE-2013-4568).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=55332>
    
      - Internal review while debugging a site issue discovered
        that MediaWiki and the CentralNotice extension were
        incorrectly setting cache headers when a user was
        autocreated, causing the user's session cookies to be
        cached, and returned to other users (CVE-2013-4572).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=53032>
    
    Additionally, the following extensions have been updated to fix
    security issues :
    
      - CleanChanges: MediaWiki steward Teles reported that
        revision-deleted IP's are not correctly hidden when this
        extension is used (CVE-2013-4569).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=54294>
    
      - ZeroRatedMobileAccess: Tomasz Chlebowski reported an XSS
        vulnerability (CVE-2013-4573).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=55991>
    
      - CentralAuth: MediaWiki developer Platonides reported a
        login CSRF in CentralAuth (CVE-2012-5394).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=40747>
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1030987"
      );
      # Each phabricator.wikimedia.org reference below is preceded by a comment
      # holding the bugzilla.wikimedia.org URL quoted in the description text.
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=40747
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T42747"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=53032
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T55032"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=54294
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T56294"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T57332"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=55991
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T57991"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123011.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?25def639"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mediawiki package."
      );
      # One base vector for the whole advisory. The CVEs listed above differ in
      # kind (XSS, cached session cookies, information disclosure, login CSRF),
      # so per-CVE severity has to be looked up separately.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the finding is derived from the host's installed-package list
      # (see the required KB keys below), not from probing the wiki over HTTP.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mediawiki");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:19");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/02");
      script_end_attributes();
    
      # Registered as an information-gathering check.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # The check body reads these KB keys; presumably ssh_get_info.nasl is what
      # fills them in during an authenticated scan -- verify.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions for the package check. Each audit() call reports why the
    # check cannot run (presumably ending the script -- see audit.inc), so the
    # order decides which reason is shown when several apply.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` tests that the left string does not occur in the right one: stop
    # unless the release string mentions Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Extract the release number that follows "release" in the release string.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # This advisory is for Fedora 19 only; other releases are audited out.
    if (! ereg(pattern:"^19([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 19.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386..i686 are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Compare the installed mediawiki package with the fixed build from the
    # advisory. rpm_check() comes from rpm.inc; presumably it is true when the
    # installed build is older than the reference -- verify.
    flag = 0;
    if (rpm_check(release:"FC19", reference:"mediawiki-1.21.3-1.fc19")) flag++;
    
    
    if (flag)
    {
      # Verbose scans attach the rpm report; otherwise a bare warning is raised.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Distinguish "package present and at the fixed level" from "package not
      # installed"; pkg_tests_get() presumably returns the packages that
      # rpm_check() actually examined -- verify against rpm.inc.
      # NOTE(review): either outcome covers the package level of this advisory
      # only, not MediaWiki fixes published after it.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mediawiki");
    }
    
  • NASL family: CGI abuses
    NASL id: MEDIAWIKI_1_19_9.NASL
    description: According to its version number, the instance of MediaWiki running on the remote host is affected by the following vulnerabilities : - Input validation errors exist that allow cross-site scripting attacks. (CVE-2013-4567, CVE-2013-4568) - An error exists related to session IDs and HTTP headers that allows an information disclosure. (CVE-2013-4572) Additionally, the following extensions contain vulnerabilities but are not enabled or installed by default (unless otherwise noted) : - An input validation error exists related to the 'CentralAuth' extension that allows cross-site request forgery (CSRF) attacks. (CVE-2012-5394) [...]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 71500
    published: 2013-12-17
    reporter: This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71500
    title: MediaWiki < 1.19.9 / 1.20.8 / 1.21.3 Multiple Vulnerabilities
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set the script only records the
    # metadata below and returns at exit(0); the version check further down does
    # not run in this pass.
    if (description)
    {
      script_id(71500);
      script_version("1.9");
      script_cvs_date("Date: 2018/11/28 22:47:41");
    
      # Core MediaWiki CVEs plus the three extension CVEs named in the
      # description (CentralAuth, CleanChanges, ZeroRatedMobileAccess).
      script_cve_id(
        "CVE-2012-5394",
        "CVE-2013-4567",
        "CVE-2013-4568",
        "CVE-2013-4569",
        "CVE-2013-4572",
        "CVE-2013-4573"
      );
      script_bugtraq_id(63755, 63756, 63757, 63759, 63760, 63761);
    
      script_name(english:"MediaWiki < 1.19.9 / 1.20.8 / 1.21.3 Multiple Vulnerabilities");
      script_summary(english:"Checks the version of MediaWiki.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote web server contains an application that is affected by
    multiple vulnerabilities.");
      script_set_attribute(attribute:"description", value:
    "According to its version number, the instance of MediaWiki running on
    the remote host is affected by the following vulnerabilities :
    
      - Input validation errors exist that allow cross-site
        scripting attacks. (CVE-2013-4567, CVE-2013-4568)
    
      - An error exists related to session IDs and HTTP headers
        that allows an information disclosure. (CVE-2013-4572)
    
    Additionally, the following extensions contain vulnerabilities but
    are not enabled or installed by default (unless otherwise noted) : 
    
      - An input validation error exists related to the
        'CentralAuth' extension that allows cross-site request
        forgery (CSRF) attacks. (CVE-2012-5394)
    
      - An error exists in the 'CleanChanges' extension that
        allows an information disclosure related to
        'revision-deleted' IP addresses. (CVE-2013-4569)
    
      - An input validation error exists in the
        'ZeroRatedMobileAccess' extension that allows cross-site
        scripting attacks. (CVE-2013-4573)
    
    Note that Nessus has not tested for these issues but has instead
    relied on the application's self-reported version number.");
      # https://lists.wikimedia.org/pipermail/mediawiki-announce/2013-November/000135.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?d9d8f458");
      script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.19#MediaWiki_1.19.9");
      script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.20#MediaWiki_1.20.8");
      script_set_attribute(attribute:"see_also", value:"https://www.mediawiki.org/wiki/Release_notes/1.21#MediaWiki_1.21.3");
      script_set_attribute(attribute:"solution", value:
    "Upgrade to MediaWiki version 1.19.9 / 1.20.8 / 1.21.3 or later.");
      # One base vector for the whole finding; the CVEs above differ in kind
      # (XSS, information disclosure, CSRF), so per-CVE severity has to be
      # looked up separately.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
      # NOTE(review): besides weakness IDs such as 20, 74 and 79 this list
      # carries many further numbers; presumably CWE view/category IDs rather
      # than weaknesses -- confirm before using them for triage.
      script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);
    
      # NOTE(review): this date is earlier than the 2013 CVEs; presumably it is
      # the disclosure date of CVE-2012-5394 -- confirm.
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/10/03");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/17");
    
      # Version-only finding: the description states that Nessus relied on the
      # self-reported version number, hence "potential_vulnerability" and the
      # "Settings/ParanoidReport" requirement below. Patches back-ported without
      # a version change would not be recognised.
      script_set_attribute(attribute:"potential_vulnerability", value:"true");
      script_set_attribute(attribute:"plugin_type", value:"remote");
      script_set_attribute(attribute:"cpe", value:"cpe:/a:mediawiki:mediawiki");
      script_end_attributes();
    
      # Registered as an information-gathering check.
      script_category(ACT_GATHER_INFO);
      script_family(english:"CGI abuses");
    
      script_copyright(english:"This script is Copyright (C) 2013-2018 and is owned by Tenable, Inc. or an Affiliate thereof.");
    
      # The check body reads the install data recorded for MediaWiki; presumably
      # mediawiki_detect.nasl is what records it -- verify.
      script_dependencies("mediawiki_detect.nasl");
      script_require_keys("Settings/ParanoidReport", "installed_sw/MediaWiki", "www/PHP");
      script_require_ports("Services/www", 80);
    
      exit(0);
    }
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("http.inc");
    include("install_func.inc");
    
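    # Version-based check: read the MediaWiki install recorded for this port and
    # compare its self-reported version with the fixed releases. Nothing is sent
    # to the application beyond what detection already collected.
    app = "MediaWiki";
    # Stop here when no MediaWiki install was recorded at all.
    get_install_count(app_name:app, exit_if_zero:TRUE);
    
    port = get_http_port(default:80, php:TRUE);
    
    # A version is required; installs with an unknown version end the check.
    install = get_single_install(
      app_name : app,
      port     : port,
      exit_if_unknown_ver : TRUE
    );
    version = install['version'];
    install_url = build_url(qs:install['path'], port:port);
    
    # The result rests on the version string alone, so it is only reported when
    # the scan runs with paranoid reporting.
    if (report_paranoia < 2) audit(AUDIT_PARANOID);
    
    # Affected releases. The first pattern was added: the plugin title and the
    # CVE-2013-4568 summary both say "before 1.19.9", but the original patterns
    # matched the 1.19.x branch only, so 1.0 through 1.18 fell through to the
    # "not affected" audit.
    # NOTE(review): confirm that detection reports such old releases in the
    # plain "1.N[.M]" form this pattern expects.
    if (
      version =~ "^1\.([0-9]|1[0-8])([^0-9]|$)" ||
      version =~ "^1\.19\.[0-8]([^0-9]|$)" ||
      version =~ "^1\.20\.[0-7]([^0-9]|$)" ||
      version =~ "^1\.21\.[0-2]([^0-9]|$)"
    )
    {
      # Record for other plugins that this port has XSS and CSRF findings.
      # NOTE(review): per the plugin description the CSRF issue is in the
      # CentralAuth extension, which is not enabled by default; the XSRF flag is
      # set from the core version alone.
      set_kb_item(name:'www/'+port+'/XSS', value:TRUE);
      set_kb_item(name:'www/'+port+'/XSRF', value:TRUE);
    
      if (report_verbosity > 0)
      {
        report =
          '\n  URL               : ' + install_url +
          '\n  Installed version : ' + version +
          '\n  Fixed versions    : 1.19.9 / 1.20.8 / 1.21.3' +
          '\n';
        security_warning(port:port, extra:report);
      }
      else security_warning(port);
    }
    else audit(AUDIT_WEB_APP_NOT_AFFECTED, app, install_url, version);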
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-21874.NASL
    description: - Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki's blacklist (CVE-2013-4567, CVE-2013-4568). [...]
    last seen: 2020-03-17
    modified: 2013-12-02
    plugin id: 71150
    published: 2013-12-02
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71150
    title: Fedora 18 : mediawiki-1.19.9-1.fc18 (2013-21874)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-21874.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set the script only records the
    # metadata below and returns at exit(0); the package check further down does
    # not run in this pass.
    if (description)
    {
      script_id(71150);
      script_version("1.10");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # NOTE(review): the description below also names CVE-2013-4573
      # (ZeroRatedMobileAccess XSS), which is not in this list -- confirm whether
      # the omission is intended.
      script_cve_id("CVE-2012-5394", "CVE-2013-4567", "CVE-2013-4568", "CVE-2013-4569", "CVE-2013-4572");
      script_bugtraq_id(63757, 63760, 63761);
      script_xref(name:"FEDORA", value:"2013-21874");
    
      script_name(english:"Fedora 18 : mediawiki-1.19.9-1.fc18 (2013-21874)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "  - Kevin Israel (Wikipedia user PleaseStand) identified and
        reported two vectors for injecting JavaScript in CSS
        that bypassed MediaWiki's blacklist (CVE-2013-4567,
        CVE-2013-4568).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=55332>
    
      - Internal review while debugging a site issue discovered
        that MediaWiki and the CentralNotice extension were
        incorrectly setting cache headers when a user was
        autocreated, causing the user's session cookies to be
        cached, and returned to other users (CVE-2013-4572).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=53032>
    
    Additionally, the following extensions have been updated to fix
    security issues :
    
      - CleanChanges: MediaWiki steward Teles reported that
        revision-deleted IP's are not correctly hidden when this
        extension is used (CVE-2013-4569).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=54294>
    
      - ZeroRatedMobileAccess: Tomasz Chlebowski reported an XSS
        vulnerability (CVE-2013-4573).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=55991>
    
      - CentralAuth: MediaWiki developer Platonides reported a
        login CSRF in CentralAuth (CVE-2012-5394).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=40747>
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1030987"
      );
      # Each phabricator.wikimedia.org reference below is preceded by a comment
      # holding the bugzilla.wikimedia.org URL quoted in the description text.
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=40747
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T42747"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=53032
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T55032"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=54294
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T56294"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T57332"
      );
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=55991
      script_set_attribute(
        attribute:"see_also",
        value:"https://phabricator.wikimedia.org/T57991"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/122998.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?7ea04af0"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected mediawiki package."
      );
      # One base vector for the whole advisory. The CVEs listed above differ in
      # kind (XSS, cached session cookies, information disclosure, login CSRF),
      # so per-CVE severity has to be looked up separately.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the finding is derived from the host's installed-package list
      # (see the required KB keys below), not from probing the wiki over HTTP.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mediawiki");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/02");
      script_end_attributes();
    
      # Registered as an information-gathering check.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # The check body reads these KB keys; presumably ssh_get_info.nasl is what
      # fills them in during an authenticated scan -- verify.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Preconditions for the package check. Each audit() call reports why the
    # check cannot run (presumably ending the script -- see audit.inc), so the
    # order decides which reason is shown when several apply.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` tests that the left string does not occur in the right one: stop
    # unless the release string mentions Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Extract the release number that follows "release" in the release string.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # This advisory is for Fedora 18 only; other releases are audited out.
    if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Only x86_64 and i386..i686 are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # Compare the installed mediawiki package with the fixed build from the
    # advisory. rpm_check() comes from rpm.inc; presumably it is true when the
    # installed build is older than the reference -- verify.
    flag = 0;
    if (rpm_check(release:"FC18", reference:"mediawiki-1.19.9-1.fc18")) flag++;
    
    
    if (flag)
    {
      # Verbose scans attach the rpm report; otherwise a bare warning is raised.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Distinguish "package present and at the fixed level" from "package not
      # installed"; pkg_tests_get() presumably returns the packages that
      # rpm_check() actually examined -- verify against rpm.inc.
      # NOTE(review): either outcome covers the package level of this advisory
      # only, not MediaWiki fixes published after it.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mediawiki");
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2014-057.NASL
    description: Updated mediawiki packages fix multiple vulnerabilities : MediaWiki user Michael M reported that the fix for CVE-2013-4568 allowed insertion of escaped CSS values which could pass the CSS validation checks, resulting in XSS (CVE-2013-6451). Chris from RationalWiki reported that SVG files could be uploaded that include external stylesheets, which could lead to XSS when an XSL was used to include JavaScript (CVE-2013-6452). During internal review, it was discovered that MediaWiki's SVG sanitization could be bypassed when the XML was considered invalid (CVE-2013-6453). [...]
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 73004
    published: 2014-03-14
    reporter: This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73004
    title: Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:057)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandriva Linux Security Advisory MDVSA-2014:057. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set the script only records the
    # metadata below and returns at exit(0); the package check further down does
    # not run in this pass.
    if (description)
    {
      script_id(73004);
      script_version("1.7");
      script_cvs_date("Date: 2019/08/02 13:32:55");
    
      # Eight CVEs in one plugin. Per the description, CVE-2013-6451 is a bypass
      # of the earlier CVE-2013-4568 CSS-sanitizer fix.
      script_cve_id("CVE-2013-6451", "CVE-2013-6452", "CVE-2013-6453", "CVE-2013-6472", "CVE-2014-1610", "CVE-2014-2242", "CVE-2014-2243", "CVE-2014-2244");
      script_bugtraq_id(65003, 65223, 65883, 65906, 65910);
      script_xref(name:"MDVSA", value:"2014:057");
    
      script_name(english:"Mandriva Linux Security Advisory : mediawiki (MDVSA-2014:057)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandriva Linux host is missing one or more security
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated mediawiki packages fix multiple vulnerabilities :
    
    MediaWiki user Michael M reported that the fix for CVE-2013-4568
    allowed insertion of escaped CSS values which could pass the CSS
    validation checks, resulting in XSS (CVE-2013-6451).
    
    Chris from RationalWiki reported that SVG files could be uploaded that
    include external stylesheets, which could lead to XSS when an XSL was
    used to include JavaScript (CVE-2013-6452).
    
    During internal review, it was discovered that MediaWiki's SVG
    sanitization could be bypassed when the XML was considered invalid
    (CVE-2013-6453).
    
    During internal review, it was discovered that MediaWiki displayed
    some information about deleted pages in the log API, enhanced
    RecentChanges, and user watchlists (CVE-2013-6472).
    
    Netanel Rubin from Check Point discovered a remote code execution
    vulnerability in MediaWiki's thumbnail generation for DjVu files.
    Internal review also discovered similar logic in the PdfHandler
    extension, which could be exploited in a similar way (CVE-2014-1610).
    
    MediaWiki before 1.22.3 does not block unsafe namespaces, such as a
    W3C XHTML namespace, in uploaded SVG files. Some client software may
    use these namespaces in a way that results in XSS. This was fixed by
    disallowing uploading SVG files using non-whitelisted namespaces
    (CVE-2014-2242).
    
    MediaWiki before 1.22.3 performs token comparison that may be
    vulnerable to timing attacks. This was fixed by making token
    comparison use constant time (CVE-2014-2243).
    
    MediaWiki before 1.22.3 could allow an attacker to perform XSS
    attacks, due to flaw with link handling in api.php. This was fixed
    such that it won't find links in the middle of api.php links
    (CVE-2014-2244).
    
    MediaWiki has been updated to version 1.22.3, which fixes these
    issues, as well as several others.
    
    Also, the mediawiki-ldapauthentication and mediawiki-math extensions
    have been updated to newer versions that are compatible with MediaWiki
    1.22.
    
    Additionally, the mediawiki-graphviz extension has been obsoleted, due
    to the fact that it is unmaintained upstream and is vulnerable to
    cross-site scripting attacks.
    
    Note: if you were using the instances feature in these packages to
    support multiple wiki instances, this feature has now been removed.
    You will need to maintain separate wiki instances manually."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0113.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://advisories.mageia.org/MGASA-2014-0124.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      # Unlike the 2013 advisories, this plugin is marked as having public
      # exploits. The module names recorded below refer to thumb.php command
      # execution; presumably that is the thumbnail issue CVE-2014-1610 -- verify.
      # The flags apply to the plugin as a whole, not to each listed CVE.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"MediaWiki thumb.php page Parameter Remote Shell Command Injection");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'MediaWiki Thumb.php Remote Command Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      # "local": the finding is derived from the host's installed-package list
      # (see the required KB keys below), not from probing the wiki over HTTP.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mediawiki");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mediawiki-ldapauthentication");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mediawiki-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mediawiki-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:mediawiki-sqlite");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:business_server:1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/13");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/14");
      script_end_attributes();
    
      # Registered as an information-gathering check.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2014-2019 Tenable Network Security, Inc.");
      script_family(english:"Mandriva Local Security Checks");
    
      # The check body reads these KB keys; presumably ssh_get_info.nasl is what
      # fills them in during an authenticated scan -- verify.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
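    # Local, package-based check. Everything below reads knowledge-base (KB)
    # items; ssh_get_info.nasl is the declared dependency and presumably the
    # source of them. The MediaWiki application itself is never probed.
    # NOTE(review): only RPM-installed MediaWiki is evaluated; a copy deployed
    # from a tarball or a VCS checkout is outside what this check reads.

    # Preconditions: local checks enabled, a Mandriva/Mandrake release string,
    # and a collected RPM list. Each failure is reported through audit().
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Package references are only defined for x86 / x86_64 builds.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);


    # One rpm_check() per package named in the advisory. The reference is the
    # fixed build; rpm_check() (from rpm.inc) is expected to return true when
    # the installed package is older than it - confirm against rpm.inc.
    flag = 0;
    if (rpm_check(release:"MDK-MBS1", reference:"mediawiki-1.22.3-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"mediawiki-ldapauthentication-2.0f-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"mediawiki-mysql-1.22.3-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"mediawiki-pgsql-1.22.3-1.mbs1")) flag++;
    if (rpm_check(release:"MDK-MBS1", reference:"mediawiki-sqlite-1.22.3-1.mbs1")) flag++;


    # Any outdated package makes the host a finding. The per-package detail
    # from rpm_report_get() is attached only when verbosity allows it.
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");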
    
  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2891.NASL
    description: The remote Debian host is missing a security update. It is, therefore, affected by multiple vulnerabilities in MediaWiki : - A cross-site scripting (XSS) vulnerability exists due to a failure to validate input before returning it to the user. An unauthenticated, remote attacker can exploit this, via specially crafted SVG files, to execute arbitrary script code in the user […]
    last seen: 2020-03-17
    modified: 2014-03-31
    plugin id: 73256
    published: 2014-03-31
    reporter: This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/73256
    title: Debian DSA-2891-1 : mediawiki, mediawiki-extensions Multiple Vulnerabilities
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The package checks in this plugin were
    # extracted from Debian Security Advisory DSA-2891
    #
    
    include("compat.inc");
    
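    # Registration phase: with `description` set the plugin only declares its
    # metadata and leaves through exit(0) at the end of this block, before any
    # host data is read.
    if (description)
    {
      script_id(73256);
      script_version("1.15");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      # Every CVE covered by DSA-2891. CVE-2013-4567 and CVE-2013-4568 are the
      # Sanitizer::checkCss blacklist bypasses described further down.
      script_cve_id(
        "CVE-2013-2031",
        "CVE-2013-2032",
        "CVE-2013-4567",
        "CVE-2013-4568",
        "CVE-2013-4572",
        "CVE-2013-6452",
        "CVE-2013-6453",
        "CVE-2013-6454",
        "CVE-2013-6472",
        "CVE-2014-1610",
        "CVE-2014-2665"
      );
      script_bugtraq_id(
        59594,
        59595,
        63757,
        63760,
        63761,
        65003,
        65223,
        66600
      );
      script_xref(name:"DSA", value:"2891");
    
      script_name(english:"Debian DSA-2891-1 : mediawiki, mediawiki-extensions Multiple Vulnerabilities");
      script_summary(english:"Checks the dpkg output for the updated packages.");
    
      script_set_attribute(attribute:"synopsis", value:
    "The remote Debian host is missing a security-related update.");
      script_set_attribute(attribute:"description", value:
    "The remote Debian host is missing a security update. It is, therefore,
    affected by multiple vulnerabilities in MediaWiki :
    
      - A cross-site scripting (XSS) vulnerability exists due to
        a failure to validate input before returning it to the
        user. An unauthenticated, remote attacker can exploit
        this, via specially crafted SVG files, to execute
        arbitrary script code in the user's browser session.
        (CVE-2013-2031)
    
      - A flaw exists in the password blocking mechanism due to
        two different tools being used to block password change
        requests, these being Special:PasswordReset and
        Special:ChangePassword, either of which may be bypassed
        by the method the other prevents. A remote attacker can
        exploit this issue to change passwords. (CVE-2013-2032)
    
      - Multiple flaws exist in Sanitizer::checkCss due to the
        improper sanitization of user-supplied input. An
        unauthenticated, remote attacker can exploit these to
        bypass the blacklist. (CVE-2013-4567, CVE-2013-4568)
    
      - A flaw exists due to multiple users being granted the
        same session ID within HTTP headers. A remote attacker
        can exploit this to authenticate as another random
        user. (CVE-2013-4572)
    
      - A cross-site scripting (XSS) vulnerability exists in the
        /includes/libs/XmlTypeCheck.php script due to improper
        validation of user-supplied input. An unauthenticated,
        remote attacker can exploit this, via a specially
        crafted XSL file, to execute arbitrary script code in
        the user's browser session. (CVE-2013-6452)
    
      - A flaw exists in the /includes/upload/UploadBase.php
        script due to a failure to apply SVG sanitization when
        XML files are read as invalid. An unauthenticated,
        remote attacker can exploit this to upload non-sanitized
        XML files, resulting in an unspecified impact.
        (CVE-2013-6453)
    
      - A stored cross-site scripting (XSS) vulnerability exists
        in the /includes/Sanitizer.php script due to a failure
        to properly validate the '-o-link' attribute before
        returning it to users. An unauthenticated, remote
        attacker can exploit this, via a specially crafted
        request, to execute arbitrary script code in the user's
        browser session. (CVE-2013-6454)
    
      - A flaw exists in the log API within the
        /includes/api/ApiQueryLogEvents.php script that allows
        an unauthenticated, remote attacker to disclose
        potentially sensitive information regarding deleted
        pages. (CVE-2013-6472)
    
      - Multiple flaws exist in the PdfHandler_body.php,
        DjVu.php, Bitmap.php, and ImageHandler.php scripts when
        DjVu or PDF file upload support is enabled due to
        improper sanitization of user-supplied input. An
        authenticated, remote attacker can exploit these, via
        the use of shell metacharacters, to execute
        arbitrary shell commands. (CVE-2014-1610)
    
      - A cross-site request forgery (XSRF) vulnerability exists
        in the includes/specials/SpecialChangePassword.php
        script due to a failure to properly handle a correctly
        authenticated but unintended login attempt. An
        unauthenticated, remote attacker, by convincing a user
        to follow a specially crafted link, can exploit this to
        reset the user's password. (CVE-2014-2665)");
      # References: Debian bug reports, one security-tracker page per CVE,
      # the source packages and the DSA itself.
      script_set_attribute(attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=729629");
      script_set_attribute(attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=706601");
      script_set_attribute(attribute:"see_also", value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=742857");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-2031");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-2032");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-4567");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-4568");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-4572");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-6452");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-6453");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-6454");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2013-6472");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-1610");
      script_set_attribute(attribute:"see_also", value:"https://security-tracker.debian.org/tracker/CVE-2014-2665");
      script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/wheezy/mediawiki");
      script_set_attribute(attribute:"see_also", value:"https://packages.debian.org/source/wheezy/mediawiki-extensions");
      script_set_attribute(attribute:"see_also", value:"http://www.debian.org/security/2014/dsa-2891");
      script_set_attribute(attribute:"solution", value:
    "Upgrade the mediawiki packages. For the stable distribution (wheezy),
    these issues have been fixed in version 1:1.19.14+dfsg-0+deb7u1 of the
    mediawiki package and version 3.5~deb7u1 of the mediawiki-extensions
    package.");
      # One base vector for the whole advisory; it is not specific to any
      # single CVE listed in script_cve_id above.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      # The exploit-framework attributes name the thumb.php command-injection
      # issue, not the XSS/CSS entries; presumably that is the CVE-2014-1610
      # item in the description - confirm before using them for triage.
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"MediaWiki thumb.php page Parameter Remote Shell Command Injection");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'MediaWiki Thumb.php Remote Command Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      # NOTE(review): vuln_publication_date matches the DSA date although most
      # of the listed CVE ids are from 2013; read it as the advisory date when
      # estimating how long a host has been exposed.
      script_set_attribute(attribute:"vuln_publication_date", value:"2014/03/30");
      script_set_attribute(attribute:"patch_publication_date", value:"2014/03/30");
      script_set_attribute(attribute:"plugin_publication_date", value:"2014/03/31");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mediawiki");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:mediawiki-extensions");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_family(english:"Debian Local Security Checks");
    
      script_copyright(english:"This script is Copyright (C) 2014-2020 Tenable Network Security, Inc.");
    
      # KB keys the check phase depends on; ssh_get_info.nasl is the declared
      # dependency that is expected to provide them.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }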
    
    include("audit.inc");
    include("debian_package.inc");
    include("misc_func.inc");
    
    # Check phase for DSA-2891: works purely from KB items (release string and
    # dpkg listing); the MediaWiki application itself is never contacted.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # Only Debian 7.x (wheezy) is in scope for this advisory.
    oslevel = get_kb_item("Host/Debian/release");
    if (empty_or_null(oslevel)) audit(AUDIT_OS_NOT, "Debian");
    if (oslevel !~ "^7\.") audit(AUDIT_OS_NOT, "Debian 7", "Debian " + oslevel);
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;

    # Core package has its own fixed version.
    if (deb_check(release:"7.0", prefix:"mediawiki", reference:"1:1.19.14+dfsg-0+deb7u1")) flag++;

    # All extension packages share one fixed version; they are checked in the
    # order listed here.
    ext_fixed = "3.5~deb7u1";
    ext_prefixes = make_list(
      "mediawiki-extensions",
      "mediawiki-extensions-base",
      "mediawiki-extensions-collection",
      "mediawiki-extensions-geshi",
      "mediawiki-extensions-graphviz",
      "mediawiki-extensions-ldapauth",
      "mediawiki-extensions-openid"
    );
    foreach ext_prefix (ext_prefixes)
    {
      if (deb_check(release:"7.0", prefix:ext_prefix, reference:ext_fixed)) flag++;
    }

    # No outdated package -> audit trail entry; otherwise one finding at the
    # highest severity, tagged as XSS and XSRF, with the dpkg detail attached.
    if (!flag) audit(AUDIT_HOST_NOT, "affected");
    else
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        xss        : TRUE,
        xsrf       : TRUE,
        extra      : deb_report_get()
      );
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2013-22047.NASL
    description: - Kevin Israel (Wikipedia user PleaseStand) identified and reported two vectors for injecting JavaScript in CSS that bypassed MediaWiki […]
    last seen: 2020-03-17
    modified: 2013-12-14
    plugin id: 71407
    published: 2013-12-14
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/71407
    title: Fedora 20 : mediawiki-1.21.3-1.fc20 (2013-22047)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2013-22047.
    #
    
    include("compat.inc");
    
    # Metadata registration for Fedora advisory 2013-22047. When `description`
    # is set the plugin declares the attributes below and stops at exit(0);
    # no host data is touched in this block.
    if (description)
    {
      script_id(71407);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      # NOTE(review): the description text also names CVE-2013-4569,
      # CVE-2013-4573 and CVE-2012-5394 (extension fixes). They are not in
      # script_cve_id, so a search by those ids will not surface this plugin.
      script_cve_id("CVE-2013-4567", "CVE-2013-4568", "CVE-2013-4572");
      script_bugtraq_id(63757, 63760, 63761);
      script_xref(name:"FEDORA", value:"2013-22047");

      script_name(english:"Fedora 20 : mediawiki-1.21.3-1.fc20 (2013-22047)");
      script_summary(english:"Checks rpm output for the updated package.");

      script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");
      script_set_attribute(attribute:"description", value:
    "  - Kevin Israel (Wikipedia user PleaseStand) identified and
        reported two vectors for injecting JavaScript in CSS
        that bypassed MediaWiki's blacklist (CVE-2013-4567,
        CVE-2013-4568).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=55332>
    
      - Internal review while debugging a site issue discovered
        that MediaWiki and the CentralNotice extension were
        incorrectly setting cache headers when a user was
        autocreated, causing the user's session cookies to be
        cached, and returned to other users (CVE-2013-4572).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=53032>
    
    Additionally, the following extensions have been updated to fix
    security issues :
    
      - CleanChanges: MediaWiki steward Teles reported that
        revision-deleted IP's are not correctly hidden when this
        extension is used (CVE-2013-4569).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=54294>
    
      - ZeroRatedMobileAccess: Tomasz Chlebowski reported an XSS
        vulnerability (CVE-2013-4573).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=55991>
    
      - CentralAuth: MediaWiki developer Platonides reported a
        login CSRF in CentralAuth (CVE-2012-5394).
        <https://bugzilla.wikimedia.org/show_bug.cgi?id=40747>
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues.");

      # References. Each Phabricator link is preceded by the Bugzilla URL that
      # the description text cites for the same report.
      script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1030987");
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=40747
      script_set_attribute(attribute:"see_also", value:"https://phabricator.wikimedia.org/T42747");
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=53032
      script_set_attribute(attribute:"see_also", value:"https://phabricator.wikimedia.org/T55032");
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=54294
      script_set_attribute(attribute:"see_also", value:"https://phabricator.wikimedia.org/T56294");
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=55332
      script_set_attribute(attribute:"see_also", value:"https://phabricator.wikimedia.org/T57332");
      # https://bugzilla.wikimedia.org/show_bug.cgi?id=55991
      script_set_attribute(attribute:"see_also", value:"https://phabricator.wikimedia.org/T57991");
      # Short link for
      # https://lists.fedoraproject.org/pipermail/package-announce/2013-December/123834.html
      script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?bb6debb6");

      script_set_attribute(attribute:"solution", value:"Update the affected mediawiki package.");

      # Integrity-only, medium-complexity network vector; the plugin declares
      # no known exploit.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:mediawiki");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:20");

      script_set_attribute(attribute:"patch_publication_date", value:"2013/11/24");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/12/14");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");

      # KB keys required by the check phase; ssh_get_info.nasl is the declared
      # dependency expected to supply them.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Check phase for Fedora advisory 2013-22047. Package-based: it reads the
    # release string, RPM list and CPU from the KB and never talks to the wiki.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);

    # The release string must mention Fedora and carry a numeric release.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");

    ver_match = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(ver_match)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = ver_match[1];

    # Only Fedora 20 is covered by this advisory.
    if (! ereg(pattern:"^20([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 20.x", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    # Package references exist for x86_64 and i386-i686 only.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$")) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    # Single package reference: the fixed mediawiki build for FC20.
    flag = 0;
    if (rpm_check(release:"FC20", reference:"mediawiki-1.21.3-1.fc20")) flag++;


    if (!flag)
    {
      # Not flagged: distinguish "installed and not affected" from "not
      # installed" using whatever pkg_tests_get() reports as tested.
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "mediawiki");
    }
    else
    {
      # Flagged: reported at warning level, with RPM detail when verbosity
      # allows it.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }