search menu icon-carat-right cmu-wordmark

CERT Coordination Center

TWiki does not properly sanitize URI parameters

Vulnerability Note VU#757181

Original Release Date: 2005-09-20 | Last Revised: 2005-10-04

Overview

A lack of input validation in the TWiki revision control function may allow a remote, unauthenticated attacker to execute arbitrary commands.

Description

TWiki is a web-based collaborative publishing environment. TWiki does not sanitize user-controlled URI parameters supplied to the revision control function for malicious content. Specifically, the rev parameter is not filtered for shell metacharacters before being used to construct a shell command. By sending a specially crafted URI to a system running TWiki, an remote, unauthenticated attacker may be able to execute arbitrary commands on that system.

Note that exploits are publicly available for this vulnerability. More detailed information is available in the TWiki Security Alert.

Impact

By sending a specially crafted URI to TWiki, a remote, unauthenticated attacker may be able to execute arbitrary commands with the privileges of the CGI process, typically nobody.

Solution

Apply hotfix
TWiki has release a hotfix to address this issue.

Restrict access


Restricting access to TWiki to only trusted users will reduce the chances of exploitation.

Vendor Information

757181
 
Affected   Unknown   Unaffected

TWiki

Updated:  September 23, 2005

Status

  Vulnerable

Vendor Statement

No statement is currently available from the vendor regarding this vulnerability.

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.


CVSS Metrics

Group Score Vector
Base N/A N/A
Temporal N/A N/A
Environmental N/A

References

Acknowledgements

This vulnerability was reported by Sap. TWiki credits PeterThoeny, Crawford Currie, Sven Dowideit, Colas Nahaboo, Will Norris, Richard Donkin, B4dP4nd4 and Florian Weimer for providing information regarding this issue.

This document was written by Jeff Gennari.

Other Information

CVE IDs: CVE-2005-2877
Severity Metric: 12.57
Date Public: 2005-09-14
Date First Published: 2005-09-20
Date Last Updated: 2005-10-04 19:45 UTC
Document Revision: 46

Sponsored by the Department of Homeland Security Office of Cybersecurity and Communications.