FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ikiwiki -- improper symlink verification vulnerability

Affected packages
ikiwiki < 2.14


VuXML ID 31d9fbb4-9d09-11dc-a29d-0016d325a0ed
Discovery 2007-11-26
Entry 2007-11-27

The ikiwiki development team reports:

Ikiwiki did not check if the path to the srcdir contained a symlink. If an attacker had commit access to the directories in the path, they could change it to a symlink, causing ikiwiki to read and publish files that were not intended to be published. (But not write to them due to other checks.)