Gentoo Security Advisory GLSA 200408-25 (MoinMoin) Network Vulnerability

Summary

The remote host is missing updates announced in advisory GLSA 200408-25.

Solution

All users should upgrade to the latest available version of MoinMoin, as follows: # emerge sync # emerge -pv '>=net-ww/moinmoin-1.2.3' # emerge '>=net-ww/moinmoin-1.2.3' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200408-25 http://bugs.gentoo.org/show_bug.cgi?id=57913 https://sourceforge.net/project/shownotes.php?group_id=8482&release_id=254801 http://www.osvdb.org/displayvuln.php?osvdb_id=8194 http://www.osvdb.org/displayvuln.php?osvdb_id=8195

Insight

MoinMoin contains a bug allowing anonymous users to bypass ACLs (Access Control Lists) and carry out operations that should be limited to authorized users.

Severity

Classification

CVE CVE-2004-1462, CVE-2004-1463

CVSS	Base Score: 10.0 AV:N/AC:L/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Gentoo Security Advisory GLSA 200406-05 (Apache)
Gentoo Security Advisory GLSA 200405-09 (proftpd)
Gentoo Security Advisory GLSA 200404-02 (kde-base/kde)
Gentoo Security Advisory GLSA 200404-05 (ipsec-tools)
Gentoo Security Advisory GLSA 200406-22 (Pavuk)

Take action and discover your vulnerabilities