Bug 891600 - (CVE-2012-6495) CVE-2012-6495 moin: Multiple directory traversal flaws in twikidraw and anywikidraw
CVE-2012-6495 moin: Multiple directory traversal flaws in twikidraw and anywi...
Status: NEW
Product: Security Response
Classification: Other
Component: vulnerability (Show other bugs)
All Linux
medium Severity medium
: ---
: ---
Assigned To: Red Hat Product Security
: Security
Depends On: 890906 890907
  Show dependency treegraph
Reported: 2013-01-03 06:22 EST by Jan Lieskovsky
Modified: 2015-07-31 02:56 EDT (History)
4 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed:
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

  None (edit)
Description Jan Lieskovsky 2013-01-03 06:22:30 EST
Common Vulnerabilities and Exposures assigned an identifier CVE-2012-6495 to the following vulnerability:

Multiple directory traversal vulnerabilities in the (1) twikidraw (action/twikidraw.py) and (2) anywikidraw (action/anywikidraw.py) actions in MoinMoin before 1.9.6 allow remote authenticated users with write permissions to overwrite arbitrary files via unspecified vectors.  NOTE: this can be leveraged with CVE-2012-6081 to execute arbitrary code.

[1]  http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-6495
[2]  http://www.openwall.com/lists/oss-security/2012/12/29/6
[3]  http://www.openwall.com/lists/oss-security/2012/12/30/4
[4]  https://bugs.launchpad.net/ubuntu/+source/moin/+bug/1094599
[5]  http://hg.moinmo.in/moin/1.9/rev/7e7e1cbb9d3f
[6]  http://moinmo.in/MoinMoinRelease1.9
[7]  http://moinmo.in/SecurityFixes
[8]  http://www.debian.org/security/2012/dsa-2593
[9]  http://ubuntu.com/usn/usn-1680-1
[10] http://secunia.com/advisories/51696
Comment 1 Jan Lieskovsky 2013-01-03 06:25:24 EST
Created moin tracking bugs for this issue

Affects: fedora-all [bug 890906]
Affects: epel-5 [bug 890907]

Note You need to log in before you can comment on or make changes to this bug.