CVE-2006-2878
CVSS 7.5
Published: 2006-06-06 20:02:00
Last revised: 2011-03-07 21:37:10

[Original] The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to insert and execute arbitrary PHP code via "complex curly syntax" that is inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.


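[CNNVD] DokuWiki spellchecker remote PHP script code injection vulnerability (CNNVD-200606-146)

        The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to execute arbitrary PHP code via "complex curly syntax" inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.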

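- CVSS (base score)

CVSS score: 7.5 [Severe (HIGH)]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: PARTIAL [may cause degraded performance or interrupted access to resources]
Attack complexity: LOW [exploitation has no access restrictions]
Attack vector: NETWORK [the attacker needs neither internal-network access nor local access]
Authentication: NONE [exploitation requires no authentication]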

- CPE (affected platforms and products)

cpe:/a:andreas_gohr:dokuwiki:release_2004-07-04
cpe:/a:andreas_gohr:dokuwiki:release_2005-09-19
cpe:/a:andreas_gohr:dokuwiki:release_2005-01-15
cpe:/a:andreas_gohr:dokuwiki:release_2006-03-05
cpe:/a:andreas_gohr:dokuwiki:release_2004-11-10
cpe:/a:andreas_gohr:dokuwiki:release_2005-09-22
cpe:/a:andreas_gohr:dokuwiki:release_2004-07-21
cpe:/a:andreas_gohr:dokuwiki:release_2004-07-07
cpe:/a:andreas_gohr:dokuwiki:release_2004-09-12
cpe:/a:andreas_gohr:dokuwiki:release_2004-08-15a
cpe:/a:andreas_gohr:dokuwiki:release_2004-09-25
cpe:/a:andreas_gohr:dokuwiki:release_2004-07-25
cpe:/a:andreas_gohr:dokuwiki:release_2005-07-01
cpe:/a:andreas_gohr:dokuwiki:release_2004-11-02
cpe:/a:andreas_gohr:dokuwiki:release_2006-06-04
cpe:/a:andreas_gohr:dokuwiki:release_2004-08-08
cpe:/a:andreas_gohr:dokuwiki:release_2005-07-13
cpe:/a:andreas_gohr:dokuwiki:release_2005-05-07
cpe:/a:andreas_gohr:dokuwiki:release_2005-01-14
cpe:/a:andreas_gohr:dokuwiki:release_2004-11-01
cpe:/a:andreas_gohr:dokuwiki:release_2004-09-30
cpe:/a:andreas_gohr:dokuwiki:release_2004-07-12
cpe:/a:andreas_gohr:dokuwiki:release_2005-02-06
cpe:/a:andreas_gohr:dokuwiki:release_2005-02-18
cpe:/a:andreas_gohr:dokuwiki:release_2004-08-22
cpe:/a:andreas_gohr:dokuwiki:release_2004-10-19
cpe:/a:andreas_gohr:dokuwiki:release_2005-01-16a

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2878
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2878
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-146
(official data source) CNNVD

- Other links and resources

http://www.hardened-php.net/advisory_042006.119.html
(VENDOR_ADVISORY)  MISC  http://www.hardened-php.net/advisory_042006.119.html
http://secunia.com/advisories/20429
(VENDOR_ADVISORY)  SECUNIA  20429
http://bugs.splitbrain.org/index.php?do=details&id=823
(PATCH)  CONFIRM  http://bugs.splitbrain.org/index.php?do=details&id=823
http://xforce.iss.net/xforce/xfdb/26913
(UNKNOWN)  XF  dokuwiki-spellchecker-code-execution(26913)
http://www.vupen.com/english/advisories/2006/2142
(UNKNOWN)  VUPEN  ADV-2006-2142
http://www.securityfocus.com/bid/18289
(UNKNOWN)  BID  18289
http://www.securityfocus.com/archive/1/archive/1/435989/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060605 Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker
http://www.osvdb.org/25980
(UNKNOWN)  OSVDB  25980
http://www.gentoo.org/security/en/glsa/glsa-200606-16.xml
(UNKNOWN)  GENTOO  GLSA-200606-16
http://securitytracker.com/id?1016221
(UNKNOWN)  SECTRACK  1016221
http://secunia.com/advisories/20669
(VENDOR_ADVISORY)  SECUNIA  20669
http://lists.grok.org.uk/pipermail/full-disclosure/2006-June/046602.html
(UNKNOWN)  FULLDISC  20060605 Advisory 04/2006: DokuWiki PHP code execution vulnerability in spellchecker

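- Vulnerability information

DokuWiki spellchecker remote PHP script code injection vulnerability
High risk  Input validation
2006-06-06 00:00:00 2007-04-27 00:00:00
Remote
        The spellchecker (spellcheck.php) in DokuWiki 2006/06/04 and earlier allows remote attackers to execute arbitrary PHP code via "complex curly syntax" inserted into a regular expression that is processed by preg_replace with the /e (executable) modifier.

- Advisories and patches

        The vendor has released DokuWiki version 2006-03-09 to address this issue.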
        

- Vulnerability information

25980
DokuWiki Spell Checker Embedded Link Arbitrary PHP Code Execution
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Commercial Vendor Verified

- Vulnerability description

DokuWiki contains a flaw that may allow a malicious user to execute arbitrary PHP code. The issue is triggered due to an error in the spell checker when processing links embedded in text being spell checked. It is possible that the flaw may allow arbitrary PHP code execution resulting in a loss of integrity.

- Timeline

2006-06-04 Unknown
Unknown Unknown

- Solution

Upgrade to version ### (2006-03-09) or higher, as it has been reported to fix this vulnerability. Note that this flaw was fixed in the 2006-03-09 release without a change in version number. An upgrade is required as there are no known workarounds. Note: although the tarball is still labeled 2006-03-09, it contains the hotfix for this vulnerability.

- Related references

- Vulnerability author

- Vulnerability information

DokuWiki Remote PHP Script Code Injection Vulnerability
Input Validation Error 18289
Yes No
2006-06-05 12:00:00 2006-06-14 11:01:00
Stefan Esser is credited with the discovery of this vulnerability.

- Affected program versions

Gentoo Linux
DokuWiki DokuWiki 2006.6.4
DokuWiki DokuWiki 2006.3.5
DokuWiki DokuWiki 2005.9.22
DokuWiki DokuWiki 2004-10-19
DokuWiki DokuWiki 2004-09-30
DokuWiki DokuWiki 2004-09-25
DokuWiki DokuWiki 2004-09-12
DokuWiki DokuWiki 2004-08-22
DokuWiki DokuWiki 2004-08-15a
DokuWiki DokuWiki 2004-08-15
DokuWiki DokuWiki 2004-08-08
DokuWiki DokuWiki 2004-07-25
DokuWiki DokuWiki 2004-07-21
DokuWiki DokuWiki 2006.3.9

- Unaffected program versions

DokuWiki DokuWiki 2006.3.9

- Vulnerability discussion

DokuWiki is prone to a remote PHP code-injection vulnerability.

An attacker can exploit this issue to facilitate a compromise of the application and the underlying system; other attacks are also possible.

DokuWiki versions 2006-06-04 and prior are vulnerable; other versions may also be affected.

- Exploit

This issue can be exploited through a web client.

- Solution

The vendor has released version 2006-03-09 of DokuWiki to address this issue.

Please see the referenced advisories for further information.

- Related references
