FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

moinmoin -- ACL group bypass

Affected packages
moinmoin < 1.2.3

Details

VuXML ID 1ecf4ca1-f7ad-11d8-96c9-00061bc2ad93
Discovery 2004-07-21
Entry 2004-08-26

The moinmoin package contains two bugs in its handling of ACLs and anonymous users. Both bugs may permit anonymous users to gain access to administrative functions, for example, the delete function.

There is no known workaround; the vulnerability exists regardless of whether a site is using ACLs or not.

References

Bugtraq ID 10801
Bugtraq ID 10805
URL http://secunia.com/advisories/11832
URL http://security.gentoo.org/glsa/glsa-200408-25.xml
URL http://www.osvdb.org/8194
URL http://www.osvdb.org/8195