A bug in the TWiki search function allows an attacker to execute arbitrary commands with the permissions of the user running TWiki.
|Package||www-apps/twiki on all architectures|
|Affected versions||< 20040902|
|Unaffected versions||>= 20040902 , < 20000000|
TWiki is a Web-based groupware tool based around the concept of wiki pages that can be edited by anybody with a Web browser.
The TWiki search function, which uses a shell command executed via the Perl backtick operator, does not properly escape shell metacharacters in the user-provided search string.
An attacker can insert malicious commands into a search request, allowing the execution of arbitrary commands with the privileges of the user running TWiki (usually the Web server user).
There is no known workaround at this time.
All TWiki users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=www-apps/twiki-20040902"
November 24, 2004
September 08, 2006: 02