Launchpad.net

CVE 2008-0782

Directory traversal vulnerability in MoinMoin 1.5.8 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the MOIN_ID user ID in a cookie for a userform action. NOTE: this issue can be leveraged for PHP code execution via the quicklinks parameter.

Related bugs and status

CVE-2008-0782 (Candidate) is related to these bugs:

Bug #200897: [moin] [DSA-1514-1] multiple vulnerabilities

		In	Importance	Status
200897	[moin] [DSA-1514-1] multiple vulnerabilities	moin (Ubuntu)	Undecided	Invalid
200897	[moin] [DSA-1514-1] multiple vulnerabilities	moin (Ubuntu Intrepid)	Undecided	Invalid
200897	[moin] [DSA-1514-1] multiple vulnerabilities	moin (Ubuntu Jaunty)	Undecided	Invalid
200897	[moin] [DSA-1514-1] multiple vulnerabilities	moin (Ubuntu Dapper)	Undecided	Fix Released
200897	[moin] [DSA-1514-1] multiple vulnerabilities	moin (Ubuntu Gutsy)	Undecided	Fix Released
200897	[moin] [DSA-1514-1] multiple vulnerabilities	moin (Ubuntu Hardy)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

VIM: 20080124 MoinMoin 1.5....
BID: 27404
CONFIRM: http://hg.moinmo.in/mo...
SECUNIA: 29010
DEBIAN: DSA-1514
SECUNIA: 29262
GENTOO: GLSA-200803-27
SECUNIA: 29444
SECUNIA: 33755
VUPEN: ADV-2008-0569
XF: moinmoin-readme-file-o...
EXPLOIT-DB: 4957
UBUNTU: USN-716-1