CVE-2009-4762
Published: 29 March 2010
MoinMoin 1.7.x before 1.7.3 and 1.8.x before 1.8.3 checks parent ACLs in certain inappropriate circumstances during processing of hierarchical ACLs, which allows remote attackers to bypass intended access restrictions by requesting an item, a different vulnerability than CVE-2008-6603.
Notes
| Author | Note |
|---|---|
| mdeslaur | Hierarchical ACLs were introduced in 1.6.0, so dapper and hardy don't appear to be vulnerable. |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
moin Launchpad, Ubuntu, Debian |
dapper |
Not vulnerable
(code not present)
|
| hardy |
Not vulnerable
(code not present)
|
|
| intrepid |
Ignored
(end of life, was needed)
|
|
| jaunty |
Released
(1.8.2-2ubuntu2.4)
|
|
| karmic |
Not vulnerable
(1.8.4-1ubuntu1.1)
|
|
| lucid |
Not vulnerable
(1.9.2-2ubuntu2)
|
|
| upstream |
Released
(1.7.3, 1.8.3)
|
|
|
Patches: upstream: http://hg.moinmo.in/moin/1.7/rev/897cdbe9e8f2 upstream: http://hg.moinmo.in/moin/1.8/rev/897cdbe9e8f2 |
||