A lack of input validation in the TWiki revision control function may allow a remote, unauthenticated attacker to execute arbitrary commands.
TWiki is a web-based collaborative publishing environment. TWiki does not sanitize user-controlled URI parameters supplied to the revision control function for malicious content. Specifically, the rev parameter is not filtered for shell metacharacters before being used to construct a shell command. By sending a specially crafted URI to a system running TWiki, an remote, unauthenticated attacker may be able to execute arbitrary commands on that system.
Note that exploits are publicly available for this vulnerability. More detailed information is available in the TWiki Security Alert.
By sending a specially crafted URI to TWiki, a remote, unauthenticated attacker may be able to execute arbitrary commands with the privileges of the CGI process, typically nobody.
This vulnerability was reported by Sap. TWiki credits PeterThoeny, Crawford Currie, Sven Dowideit, Colas Nahaboo, Will Norris, Richard Donkin, B4dP4nd4 and Florian Weimer for providing information regarding this issue.
This document was written by Jeff Gennari.
|Date First Published:||2005-09-20|
|Date Last Updated:||2005-10-04 19:45 UTC|