Serious Twiki security hole

p2p news / p2pnet:- There’s a serious security hole in TWiki, a Wiki collaboration platform used for internal communications at companies including IBM, Yahoo, Circuit City, Reuters, Boeing, General Electric, Wachovia and ZoneLabs, says Britain’s Netcraft.

“The vulnerability allows remote attackers to execute shell commands on affected systems, and is already being actively exploited, with some analysts warning that a worm could soon follow,” says the post.

Some large companies use it to run web-facing Wikis such as British Telecom’s UK Telco B2B Forum.

“The TWiki revision control function uses a user supplied URL parameter to compose a command line executed by the Perl backtick (`) operator,” says TWiki.

“The URL parameter is not checked properly for shell metacharacters and is thus vulnerable to revision numbers containing pipes and shell commands. Exploit is possible on topics with two or more revisions.

“Example URL path with exploited rev parameter: /cgi-bin/view/Main/TWikiUsers?rev=2%20%7Cless%20/etc/passwd

“If access to TWiki is not restricted by other means, attackers can use the revision function without prior authentication.”
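As an added illustration (not code from the page, Netcraft or TWiki, and written in Python rather than TWiki's Perl), the flawed string-building pattern the advisory describes sits beside a hardened form and a simple access-log check; the command name and the log lines are constructed stand-ins.

```python
import re
from urllib.parse import parse_qs, urlsplit

# RCS-style revision numbers as TWiki uses them look like "2" or "1.3".
# Anything else (spaces, pipes, %-encoding left undecoded) is rejected outright.
REV_RE = re.compile(r"^\d+(?:\.\d+)?$")
SHELL_METACHARS = set("|;&$`<>()\n\r")

def rev_param(url):
    """Return the URL-decoded 'rev' query parameter of a view URL, or None if absent."""
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    values = params.get("rev")
    return values[0] if values else None

def is_valid_rev(rev):
    """Allow-list check: only a plain revision number passes."""
    return REV_RE.fullmatch(rev) is not None

def vulnerable_command(topic_file, rev):
    """The flawed shape: rev interpolated into one shell string. Returned only, never run."""
    # Hypothetical stand-in for the command TWiki built; the page does not show it.
    return f"co -p -r{rev} {topic_file}"

def safe_command(topic_file, rev):
    """Hardened shape: strict allow-list on rev, then an argv list so no shell parses it."""
    if not is_valid_rev(rev):
        raise ValueError(f"rejected rev {rev!r}")
    return ["co", "-p", f"-r{rev}", topic_file]

def suspicious_rev_requests(access_log_lines):
    """Defender's check: flag log lines whose decoded rev is not a plain revision number."""
    hits = []
    for line in access_log_lines:
        m = re.search(r'"(?:GET|POST) (\S+)', line)
        if not m:
            continue
        rev = rev_param(m.group(1))
        if rev is not None and not is_valid_rev(rev):
            hits.append((rev, SHELL_METACHARS & set(rev)))
    return hits

# Constructed sample log lines (not from the page): one benign request and one
# matching the URL shape quoted in the advisory.
SAMPLE_LOG = [
    '10.0.0.5 - - [17/Sep/2005:10:00:01 +0000] "GET /cgi-bin/view/Main/TWikiUsers?rev=2 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [17/Sep/2005:10:00:07 +0000] "GET /cgi-bin/view/Main/TWikiUsers?rev=2%20%7Cless%20/etc/passwd HTTP/1.1" 200 1980',
]

if __name__ == "__main__":
    for rev, chars in suspicious_rev_requests(SAMPLE_LOG):
        print(f"suspicious rev={rev!r} metachars={sorted(chars)}")
```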

TWiki looks and feels like a normal Intranet or Internet web site, says the site. “However, it also has an Edit link at the bottom of every topic (web page); everybody can change a topic or add content by just using a browser.”

Go here for the hotfix.

Something you think we should know? tips[at]p2pnet.net

See:-
Netcraft: Hackers Targeting Security Hole in Twiki, September 16, 2004
TWiki: Security Alert: TWiki history function allows arbitrary shell command execution, September 17, 2005
