Cyber threats 2014: Bypassing a security policy in DokuWiki

Posted: November 6, 2014 in Vulnerabilities

Updated DokuWiki packages fix security vulnerabilities that can be exploited by malicious people to bypass certain security restrictions.

Vulnerabilities: Bypassing a security policy in DokuWiki

Danger level: Medium
Fix available: Yes
Number of vulnerabilities: 4

CVSSv2 Rating:
(AV: N / AC: M / Au: N / C: P / I: P / A: N / E: U / RL: O / RC: C) = Base: 5.8 / Temporal: 4.3
(AV: N / AC: L / Au: N / C: P / I: N / A: N) = Base Score: 5.0

CVE ID: CVE-2014-8761, CVE-2014-8762, CVE-2014-8763, CVE-2014-8764

Attack vector: Remote
Impact: Bypassing a security policy, unauthorized disclosure of information

Affected products: DokuWiki
Affected versions: DokuWiki versions prior to 2014-05-05a


Description:
The vulnerabilities allow malicious people to bypass certain security restrictions.

The vulnerabilities are due to the application not properly validating access rights. This can be exploited to bypass security restrictions and disclose sensitive information.

1. [CVE-2014-8761: vulnerability] – inc/template.php in DokuWiki before 2014-05-05a only checks for access to the root namespace, which allows remote attackers to access arbitrary images via a media file details ajax call.

2. [CVE-2014-8762: vulnerability] – the ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote attackers to access arbitrary images via a crafted namespace in the ns parameter.

3. [CVE-2014-8763: vulnerability] – allows remote attackers to bypass authentication via a password starting with a null character and a valid user name, which triggers an unauthenticated bind.

4. [CVE-2014-8764: vulnerability] – allows remote attackers to bypass authentication via a user name and password starting with a null character.
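Items 1 and 2 describe the same defect class: the permission check is evaluated against a fixed location (the root namespace) instead of the namespace the requested media file actually lives in. The following PHP is an added example written for this post, not DokuWiki's own code; the ACL table, the helper names (namespaceOf, aclFor, detailsAllowedBroken, detailsAllowedFixed) and the media IDs are all constructed to show the broken and the corrected lookup side by side.

```php
<?php
// Added example, not DokuWiki's own code. It models the access check behind a
// "media file details" request. The ACL table, the helper names and the IDs
// are all constructed for this example.

const AUTH_NONE = 0;
const AUTH_READ = 1;

// Constructed ACL for the current (anonymous) user: namespace => permission.
// The root namespace is world-readable, the "private" namespace is not.
$ACL = [
    ''        => AUTH_READ,
    'private' => AUTH_NONE,
];

/** Namespace part of a colon-separated media ID: "private:photo.png" -> "private". */
function namespaceOf(string $id): string {
    $pos = strrpos($id, ':');
    return $pos === false ? '' : substr($id, 0, $pos);
}

/** Most specific ACL entry covering $ns, walking up towards the root namespace. */
function aclFor(array $acl, string $ns): int {
    while (true) {
        if (isset($acl[$ns])) {
            return $acl[$ns];
        }
        if ($ns === '') {
            return AUTH_NONE; // no entry at all: deny
        }
        $ns = namespaceOf($ns);
    }
}

/** Vulnerable pattern: the permission is looked up for the root namespace, whatever $id says. */
function detailsAllowedBroken(array $acl, string $id): bool {
    return aclFor($acl, '') >= AUTH_READ;
}

/** Fixed pattern: the permission is looked up for the namespace the requested file lives in. */
function detailsAllowedFixed(array $acl, string $id): bool {
    return aclFor($acl, namespaceOf($id)) >= AUTH_READ;
}

foreach (['logo.png', 'private:salary.png', 'private:hr:org.png'] as $id) {
    printf("%-22s broken: %-5s fixed: %s\n", $id,
        detailsAllowedBroken($ACL, $id) ? 'allow' : 'deny',
        detailsAllowedFixed($ACL, $id) ? 'allow' : 'deny');
}
```

Run it with `php acl-example.php`: the broken variant answers "allow" for every ID because the root namespace is readable, while the fixed variant denies both files under `private`. The point to carry over to any code review of an access check is that the object whose permission is looked up must be derived from the request, never from a constant.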
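Items 3 and 4 are a different defect class: credentials that reach a directory bind in a form the server interprets as "no password" or "no user". The PHP below is an added example written for this post, not DokuWiki's own code; it shows the input check a directory-backed login should apply before any bind is attempted. It contacts no server, and the function name (checkBindCredentials) and the user names and passwords are constructed.

```php
<?php
// Added example, not DokuWiki's own code. A pre-bind credential check for a
// directory-backed (LDAP) login; it does not contact any server. The user
// names and passwords below are constructed.

/**
 * Returns null if $user and $pass may be handed to an LDAP bind, otherwise a
 * reason for refusing. Two failure modes are rejected up front:
 *  - an empty password: with a DN and an empty password, a simple bind is an
 *    *unauthenticated* bind, which many directories accept without checking
 *    anything, so the application must not treat it as a successful login;
 *  - a null byte anywhere in the value: PHP strings may contain "\0", but a
 *    C-based LDAP client library sees a NUL-terminated string, so "\0secret"
 *    reaches the server as "" (an unauthenticated bind again) and "\0alice"
 *    as an empty DN (an anonymous bind). Rejecting "\0" closes both paths
 *    regardless of whether the PHP version itself refuses such strings.
 */
function checkBindCredentials(string $user, string $pass): ?string {
    if ($user === '' || $pass === '') {
        return 'empty user name or password';
    }
    if (strpos($user, "\0") !== false || strpos($pass, "\0") !== false) {
        return 'null byte in user name or password';
    }
    return null;
}

// Constructed login attempts: [user, password, expected verdict]
$attempts = [
    ['alice',   'correct horse battery', null],
    ['alice',   '',                      'empty user name or password'],
    ['alice',   "\0wrong-password",      'null byte in user name or password'],
    ["\0alice", "\0x",                   'null byte in user name or password'],
];

foreach ($attempts as [$user, $pass, $expected]) {
    $verdict = checkBindCredentials($user, $pass);
    printf("user=%-10s pass=%-24s -> %s [%s]\n",
        json_encode($user), json_encode($pass),
        $verdict ?? 'ok, proceed to bind',
        $verdict === $expected ? 'as expected' : 'UNEXPECTED');
}
```

Run it with `php bind-check.php`; json_encode is used only so the embedded null bytes are visible in the output as `\u0000`. The check belongs in front of the bind rather than after it, because a successful unauthenticated bind looks, from the application's side, exactly like a successful password check. A second line of defence is to disable unauthenticated binds on the directory server itself, where the deployment allows it.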

Solution: Install the latest version, 2014-05-05a, from the vendor.

References:
https://www.dokuwiki.org/changes
https://github.com/splitbrain/dokuwiki/issues/765

Vendor URL: http://wiki.splitbrain.org/wiki:dokuwiki
