A security flaw was found in the way MediaWiki, a wiki engine, performed account creation capability validation for certain IP addresses (IP addresses blocked with GlobalBlocking extension were incorrectly still allowed to create new user accounts). A remote attacker could use this flaw to circumvent the GlobalBlocking account creation prevention mechanism. References: [1] http://www.gossamer-threads.com/lists/wiki/mediawiki/295767 Upstream bug: [2] https://bugzilla.wikimedia.org/show_bug.cgi?id=39824 Upstream patch against the 1.18 version: [3] https://bugzilla.wikimedia.org/show_bug.cgi?id=39824#c0
This issue affects the versions of the mediawiki package, as shipped with Fedora release of 16 and 17. Please schedule an update. -- This issue affects the version of the mediawiki package, as shipped with Fedora EPEL 5. Please schedule an update.
CVE request: http://www.openwall.com/lists/oss-security/2012/08/31/6
Created mediawiki tracking bugs for this issue Affects: fedora-all [bug 853446]
Created mediawiki tracking bugs for this issue Affects: epel-5 [bug 853447]
The CVE identifier of CVE-2012-4380 has been assigned to this issue: http://www.openwall.com/lists/oss-security/2012/08/31/10