MoinMoin: Privilege escalation — GLSA 200805-09

A vulnerability in MoinMoin may allow a remote attacker to elevate his privileges.

Affected packages

www-apps/moinmoin on all architectures
Affected versions < 1.6.3
Unaffected versions >= 1.6.3

Background

MoinMoin is an advanced and extensible Wiki Engine.

Description

It has been reported that the user form processing in the file userform.py does not properly manage users when using Access Control Lists or a non-empty superusers list.

Impact

A remote attacker could exploit this vulnerability to gain superuser privileges on the application.

Workaround

There is no known workaround at this time.

Resolution

All MoinMoin users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=www-apps/moinmoin-1.6.3"

References

Release date
May 11, 2008

Latest revision
May 11, 2008: 01

Severity
normal

Exploitable
remote

Bugzilla entries