CVE-2006-2942
CVSS5.1
发布时间 :2006-06-20 14:02:00
修订时间 :2011-03-07 21:37:21
NMCOS    

[原文]TWiki 4.0.0, 4.0.1, and 4.0.2 allows remote attackers to gain Twiki administrator privileges via a TWiki.TWikiRegistration form with a modified action attribute that references the Sandbox web instead of the user web, which can then be used to associate the user's login name with the WikiName of a member of the TWikiAdminGroup.


[CNNVD]Twiki 主页创建 特权提升漏洞(CNNVD-200606-391)

        TWiki可以使远程攻击者借助含有经过修改的action属性的TWiki.TWikiRegistration表单,获得Twiki管理员权限。该属性引用Sandbox web而非用户web,随后,可用于将用户的登录名与TWikiAdminGroup会员的WikiName相结合。

- CVSS (基础分值)

CVSS分值: 5.1 [中等(MEDIUM)]
机密性影响: PARTIAL [很可能造成信息泄露]
完整性影响: PARTIAL [可能会导致系统文件被修改]
可用性影响: PARTIAL [可能会导致性能下降或中断资源访问]
攻击复杂度: HIGH [漏洞利用存在特定的访问条件]
攻击向量: [--]
身份认证: NONE [漏洞利用无需身份认证]

- CPE (受影响的平台与产品)

cpe:/a:twiki:twiki:4.0.2
cpe:/a:twiki:twiki:4.0.1
cpe:/a:twiki:twiki:4.0.0

- OVAL (用于检测的技术细节)

未找到相关OVAL定义

- 官方数据库链接

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2942
(官方数据源) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-2942
(官方数据源) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200606-391
(官方数据源) CNNVD

- 其它链接及资源

http://www.securityfocus.com/bid/18506
(PATCH)  BID  18506
http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation
(VENDOR_ADVISORY)  CONFIRM  http://twiki.org/cgi-bin/view/Codev/SecurityAlertTWiki4PrivilegeElevation
http://securitytracker.com/id?1016323
(PATCH)  SECTRACK  1016323
http://secunia.com/advisories/20596
(VENDOR_ADVISORY)  SECUNIA  20596
http://xforce.iss.net/xforce/xfdb/27336
(UNKNOWN)  XF  twiki-action-security-bypass(27336)
http://www.vupen.com/english/advisories/2006/2415
(UNKNOWN)  VUPEN  ADV-2006-2415
http://www.osvdb.org/26623
(UNKNOWN)  OSVDB  26623
http://archives.neohapsis.com/archives/vulnwatch/2006-q2/0032.html
(UNKNOWN)  VULNWATCH  20060616 TWiki Security Advisory: Privilege elevation with crafted registration form (CVE-2006-2942)

- 漏洞信息

Twiki 主页创建 特权提升漏洞
中危 设计错误
2006-06-20 00:00:00 2006-08-17 00:00:00
远程  
        TWiki可以使远程攻击者借助含有经过修改的action属性的TWiki.TWikiRegistration表单,获得Twiki管理员权限。该属性引用Sandbox web而非用户web,随后,可用于将用户的登录名与TWikiAdminGroup会员的WikiName相结合。

- 公告与补丁

        目前厂商已经发布了相关补丁,请到厂商的主页下载:
        TWiki TWiki 4.0
        TWiki Twiki Patch (diff file) for versions 4.0.0, 4.0.1, and 4.0.2
        http://twiki.org/p/pub/Codev/SecurityAlertTWiki4PrivilegeElevation/CVE -2006-2942-hotfix-4.0.0-4.0.2.diff
        TWiki TWiki 4.0.1
        TWiki Twiki Patch (diff file) for versions 4.0.0, 4.0.1, and 4.0.2
        http://twiki.org/p/pub/Codev/SecurityAlertTWiki4PrivilegeElevation/CVE -2006-2942-hotfix-4.0.0-4.0.2.diff
        TWiki TWiki 4.0.2
        TWiki Twiki Patch (diff file) for versions 4.0.0, 4.0.1, and 4.0.2
        http://twiki.org/p/pub/Codev/SecurityAlertTWiki4PrivilegeElevation/CVE -2006-2942-hotfix-4.0.0-4.0.2.diff
        

- 漏洞信息

26623
TWiki Registration Crafted form Element Account Hijack
Remote / Network Access Input Manipulation
Loss of Confidentiality
Exploit Public

- 漏洞描述

TWiki contains a flaw that may allow a malicious user to gain administrator privileges. The issue is caused due to an error in the registration process that can be exploited by changing the action attribute of the form element to the Sandbox web. It is possible that the flaw may allow a user to gain privileges of another user resulting in a loss of confidentiality.

- 时间线

2006-06-17 Unknow
2006-06-17 Unknow

- 解决方案

Currently, there are no known workarounds or upgrades to correct this issue. However, TWiki has released a patch to address this vulnerability.

- 相关参考

- 漏洞作者

- 漏洞信息

TWiki Homepage Creation Privilege Escalation Vulnerability
Design Error 18506
Yes No
2006-06-19 12:00:00 2006-06-20 05:00:00
The vendor credits Harald Jörg with the discovery of this vulnerability.

- 受影响的程序版本

TWiki TWiki 4.0.2
TWiki TWiki 4.0.1
TWiki TWiki 0

- 漏洞讨论

TWiki is prone to a vulnerability that could permit privilege escalation. This issue is due to a design error in the application; it fails to properly reset security settings.

An attacker with a valid account can exploit this vulnerability to elevate privileges to that of an administrator of the application. This may permit the attacker to alter site content; other attacks are also possible.

- 漏洞利用

This issue can be exploited through a web client.

- 解决方案

The vendor has released a hotfix for all released versions of TWiki 4.0.X; please see the reference section for details.


TWiki TWiki 0

TWiki TWiki 4.0.1

TWiki TWiki 4.0.2

- 相关参考

 

 

关于SCAP中文社区

SCAP中文社区是国内第一个以SCAP为主题的中文开放社区。了解更多信息,请查阅[关于本站]

版权声明

CVE/CWE/OVAL均为MITRE公司的注册商标,它们的官方数据源均保存在MITRE公司的相关网站