FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

CVE-2012-4404

This CVE name corresponds to:

Entered: 2012-09-05
Topic: moinmoin -- wrong processing of group membership

The following information is adapted from the Common Vulnerabilities and Exposures (CVE) project. CVE and the CVE logo are trademarks of The MITRE Corporation. CVE content is Copyright 2005, The MITRE Corporation.

Details

Type: Candidate
Name: CVE-2012-4404
Phase: Assigned (20120821)

Description

security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group.

References

Source Reference
MLIST [oss-security] 20120904 CVE request: moinmoin incorrect ACL evaluation for virtual groups
MLIST [oss-security] 20120904 Re: CVE request: moinmoin incorrect ACL evaluation for virtual groups
CONFIRM http://hg.moinmo.in/moin/1.9/rev/7b9f39289e16
CONFIRM http://moinmo.in/SecurityFixes
DEBIAN DSA-2538
UBUNTU USN-1604-1
SECUNIA 50474
SECUNIA 50496
SECUNIA 50885