1. Ubuntu Security Notices
  2. USN-716-1

USN-716-1: MoinMoin vulnerabilities

Publication date

30 January 2009

Overview

MoinMoin vulnerabilities

Releases

Packages

Details

Fernando Quintero discovered than MoinMoin did not properly sanitize its
input when processing login requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal confidential data,
within the same domain. This issue affected Ubuntu 7.10 and 8.04 LTS.
(CVE-2008-0780)

Fernando Quintero discovered that MoinMoin did not properly sanitize its input
when attaching files, resulting in cross-site scripting vulnerabilities. This
issue affected Ubuntu 6.06 LTS, 7.10 and 8.04 LTS. (CVE-2008-0781)

It was discovered that MoinMoin did not properly sanitize its input when
processing user forms. A remote attacker could submit crafted cookie values and
overwrite...

Fernando Quintero discovered than MoinMoin did not properly sanitize its
input when processing login requests, resulting in cross-site scripting (XSS)
vulnerabilities. With cross-site scripting vulnerabilities, if a user were
tricked into viewing server output during a crafted server request, a remote
attacker could exploit this to modify the contents, or steal confidential data,
within the same domain. This issue affected Ubuntu 7.10 and 8.04 LTS.
(CVE-2008-0780)

Fernando Quintero discovered that MoinMoin did not properly sanitize its input
when attaching files, resulting in cross-site scripting vulnerabilities. This
issue affected Ubuntu 6.06 LTS, 7.10 and 8.04 LTS. (CVE-2008-0781)

It was discovered that MoinMoin did not properly sanitize its input when
processing user forms. A remote attacker could submit crafted cookie values and
overwrite arbitrary files via directory traversal. This issue affected Ubuntu
6.06 LTS, 7.10 and 8.04 LTS. (CVE-2008-0782)

It was discovered that MoinMoin did not properly sanitize its input when
editing pages, resulting in cross-site scripting vulnerabilities. This issue
only affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-1098)

It was discovered that MoinMoin did not properly enforce access controls,
which could allow a remoter attacker to view private pages. This issue only
affected Ubuntu 6.06 LTS and 7.10. (CVE-2008-1099)

It was discovered that MoinMoin did not properly sanitize its input when
attaching files and using the rename parameter, resulting in cross-site
scripting vulnerabilities. (CVE-2009-0260)

It was discovered that MoinMoin did not properly sanitize its input when
displaying error messages after processing spam, resulting in cross-site
scripting vulnerabilities. (CVE-2009-0312)

Update instructions

In general, a standard system upgrade is sufficient to effect the necessary changes.

Learn more about how to get the fixes.

The problem can be corrected by updating your system to the following package versions:

Ubuntu Release Package Version
8.10 intrepid python-moinmoin –  1.7.1-1ubuntu1.1
8.04 hardy python-moinmoin –  1.5.8-5.1ubuntu2.2
7.10 gutsy python-moinmoin –  1.5.7-3ubuntu2.1
6.06 dapper python2.4-moinmoin –  1.5.2-1ubuntu2.4

Reduce your security exposure

Ubuntu Pro provides ten-year security coverage to 25,000+ packages in Main and Universe repositories, and it is free for up to five machines.

Get Ubuntu Pro

References

Have additional questions?

Talk to a member of the team ›