TWiki CGI Session File Unspecified Perl Code Execution Vulnerability

 

Release Date: 09/02/2007
Severity: Less Critical
SecWatch Advisory: SWID1016986
Cause: Not specified
Solution Status: Vendor Patch
Impact: Execution of arbitrary code; Privilege escalation
Exploit Status: None Available
Access Vector: From local system
 
Affected Software: TWiki
 

 

Description:

A vulnerability has been reported in TWiki that local users can exploit to gain escalated privileges.

The vulnerability is caused by the program loading and executing CGI session files from a temporary directory (by default the world-writable "/tmp"). A local user can create a specially crafted CGI session file in that directory, which, under unspecified circumstances, is loaded and executed as Perl code with the privileges of the web server.

NOTE: It is possible to exploit this by running malicious CGI or PHP scripts on a shared server where another customer runs TWiki.

 

Affected:

TWiki versions prior to 4.1.1 and TWiki SessionPlugin versions prior to 2.992.

 

Solution:

The vulnerability has been fixed in TWiki version 4.1.1 and in TWiki SessionPlugin 2.992.
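
Alongside upgrading, an administrator can check whether the directory that holds session files is exposed in the way the description outlines. The following audit is an added example, not code from TWiki or from this advisory; the "cgisess_" file name prefix, the function names and the sample directory are assumptions for illustration.

```python
import os
import stat
import tempfile

def audit_session_dir(path, expected_uid, prefix="cgisess_"):
    """Return findings for a directory holding CGI session files.

    prefix is an assumed session file name prefix; adjust to the installation.
    """
    st = os.lstat(path)  # lstat: do not follow a symlink planted at the path
    if not stat.S_ISDIR(st.st_mode):
        return [f"{path}: not a real directory"]
    findings = []
    if st.st_uid != expected_uid:
        findings.append(f"{path}: owner uid {st.st_uid}, expected {expected_uid}")
    if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
        mode = stat.S_IMODE(st.st_mode)
        findings.append(f"{path}: writable by group/other (mode {mode:04o})")
    for name in sorted(os.listdir(path)):
        if not name.startswith(prefix):
            continue
        full = os.path.join(path, name)
        fst = os.lstat(full)
        if not stat.S_ISREG(fst.st_mode):
            findings.append(f"{full}: not a regular file")
        elif fst.st_uid != expected_uid:
            findings.append(f"{full}: owner uid {fst.st_uid}, expected {expected_uid}")
        elif fst.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            findings.append(f"{full}: writable by group/other")
    return findings

def build_sample_dir(dir_mode):
    """Constructed sample: a temp directory with one empty session-style file."""
    d = tempfile.mkdtemp()
    f = os.path.join(d, "cgisess_constructed_sample")
    with open(f, "w"):
        pass
    os.chmod(f, 0o600)
    os.chmod(d, dir_mode)
    return d

if __name__ == "__main__":
    me = os.getuid()
    for mode in (0o700, 0o1777):  # private directory vs. /tmp-style permissions
        print(oct(mode), audit_session_dir(build_sample_dir(mode), me) or "OK")
```

Run it as the web server account against the real session directory, passing that account's uid as expected_uid; any finding means another local user could place or alter session files there.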

 

Credits:

Andrew Moise

 
