svn commit: r435444 - head/security/vuxml
Jason Unovitch
junovitch at FreeBSD.org
Sun Mar 5 03:18:07 UTC 2017
Author: junovitch
Date: Sun Mar 5 03:18:05 2017
New Revision: 435444
URL: https://svnweb.freebsd.org/changeset/ports/435444
Log:
Document ikiwiki vulnerabilities
PR: 216665
Reported by: sevan
Security: CVE-2016-9645
Security: CVE-2016-10026
Security: CVE-2017-0356
Security: https://vuxml.FreeBSD.org/freebsd/5ed094a0-0150-11e7-ae1b-002590263bf5.html
Security: https://vuxml.FreeBSD.org/freebsd/7b35a77a-0151-11e7-ae1b-002590263bf5.html
Modified:
head/security/vuxml/vuln.xml
Modified: head/security/vuxml/vuln.xml
==============================================================================
--- head/security/vuxml/vuln.xml Sun Mar 5 03:07:52 2017 (r435443)
+++ head/security/vuxml/vuln.xml Sun Mar 5 03:18:05 2017 (r435444)
@@ -58,6 +58,78 @@ Notes:
* Do not forget port variants (linux-f10-libxml2, libxml2, etc.)
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="7b35a77a-0151-11e7-ae1b-002590263bf5">
+ <topic>ikiwiki -- authentication bypass vulnerability</topic>
+ <affects>
+ <package>
+ <name>ikiwiki</name>
+ <range><lt>3.20170111</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>ikiwiki reports:</p>
+ <blockquote cite="https://ikiwiki.info/security/#index48h2">
+ <p>The ikiwiki maintainers discovered further flaws similar to
+ CVE-2016-9646 in the passwordauth plugin's use of
+ CGI::FormBuilder, with a more serious impact:</p>
+ <p>An attacker who can log in to a site with a password can log in as
+ a different and potentially more privileged user.</p>
+ <p>An attacker who can create a new account can set arbitrary fields
+ in the user database for that account</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2017-0356</cvename>
+ <url>https://ikiwiki.info/security/#index48h2</url>
+ </references>
+ <dates>
+ <discovery>2017-01-11</discovery>
+ <entry>2017-03-05</entry>
+ </dates>
+ </vuln>
+
+ <vuln vid="5ed094a0-0150-11e7-ae1b-002590263bf5">
+ <topic>ikiwiki -- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>ikiwiki</name>
+ <range><lt>3.20161229</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>Mitre reports:</p>
+ <blockquote cite="https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-10026">
+ <p>ikiwiki 3.20161219 does not properly check if a revision changes
+ the access permissions for a page on sites with the git and
+ recentchanges plugins and the CGI interface enabled, which allows
+ remote attackers to revert certain changes by leveraging permissions
+ to change the page before the revision was made.</p>
+ </blockquote>
+ <blockquote cite="https://ikiwiki.info/security/#index47h2">
+ <p>When CGI::FormBuilder->field("foo") is called in list context
+ (and in particular in the arguments to a subroutine that takes named
+ arguments), it can return zero or more values for foo from the CGI
+ request, rather than the expected single value. This breaks the
+ usual Perl parsing convention for named arguments, similar to
+ CVE-2014-1572 in Bugzilla (which was caused by a similar API design
+ issue in CGI.pm).</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2016-10026</cvename>
+ <cvename>CVE-2016-9645</cvename>
+ <url>https://ikiwiki.info/security/#index46h2</url>
+ </references>
+ <dates>
+ <discovery>2016-12-19</discovery>
+ <entry>2017-03-05</entry>
+ </dates>
+ </vuln>
+
<vuln vid="f4eb9a25-fde0-11e6-9ad0-b8aeed92ecc4">
<topic>potrace -- multiple memory failure</topic>
<affects>
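Review bot: the CVE number quoted in the first entry (vid 7b35a77a) looks inconsistent with the rest of the commit: its description says "further flaws similar to CVE-2016-9646", but the commit log and the second entry's `<cvename>` both reference CVE-2016-9645, and the second entry's quoted text (the CGI::FormBuilder list-context issue in the passwordauth plugin) is exactly the flaw the first entry says was found "similar" ones to; please confirm against the ikiwiki advisory whether 9646 is intended or is a typo for 9645. Two smaller points in the same hunk: in the second entry (vid 5ed094a0) the `<blockquote cite="https://ikiwiki.info/security/#index47h2">` carries no attribution line, so a `<p>ikiwiki reports:</p>` before it would match the "Mitre reports:" convention used above it, and its `<url>` references `#index46h2` while the blockquote cites `#index47h2`, so one of the two anchors is probably wrong. Finally, the first entry's last paragraph is missing its terminating period ("in the user database for that account").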