Gentoo Security Advisory GLSA 200408-25 (MoinMoin) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200408-25.

Solution

All users should upgrade to the latest available version of MoinMoin, as follows: # emerge sync # emerge -pv '>=net-ww/moinmoin-1.2.3' # emerge '>=net-ww/moinmoin-1.2.3' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200408-25 http://bugs.gentoo.org/show_bug.cgi?id=57913 https://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801 http://www.osvdb.org/displayvuln.php?osvdb_id=8194 http://www.osvdb.org/displayvuln.php?osvdb_id=8195

Insight

MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access Control Lists) and carry out operations that should be limited to authorized users.

Severity

Classification

CVE CVE-2004-1462, CVE-2004-1463
CVSS Base Score: 10.0
AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200402-06 (Kernel)
Gentoo Security Advisory GLSA 200409-05 (Gallery)
Gentoo Security Advisory GLSA 200408-03 (libpng)
Gentoo Security Advisory GLSA 200406-03 (sitecopy)
Gentoo Security Advisory GLSA 200408-13 (kde, kdebase, kdelibs)

Take action and discover your vulnerabilities