TWiki: Arbitrary command execution — GLSA 200411-33

A bug in the TWiki search function allows an attacker to execute arbitrary commands with the permissions of the user running TWiki.

Affected Packages

www-apps/twiki on all architectures
Affected versions < 20040902
Unaffected versions >= 20040902 , < 20000000

Background

TWiki is a Web-based groupware tool based around the concept of wiki pages that can be edited by anybody with a Web browser.

Description

The TWiki search function, which uses a shell command executed via the Perl backtick operator, does not properly escape shell metacharacters in the user-provided search string.

Impact

An attacker can insert malicious commands into a search request, allowing the execution of arbitrary commands with the privileges of the user running TWiki (usually the Web server user).

Workaround

There is no known workaround at this time.

Resolution

All TWiki users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/twiki-20040902"

References

Release Date
November 24, 2004

Latest Revision
September 08, 2006: 02

Severity
high

Exploitable
remote

Bugzilla entries