FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

twiki -- arbitrary shell command execution

Affected packages
twiki < 20040902

Details

VuXML ID b4af3ede-36e9-11d9-a9e7-0001020eed82
Discovery 2004-11-12
Entry 2004-11-15
Modified 2004-11-23

Hans Ulrich Niedermann reports:

The TWiki search function uses a user supplied search string to compose a command line executed by the Perl backtick (``) operator.

The search string is not checked properly for shell metacharacters and is thus vulnerable to search strings containing quotes and shell commands.

IMPACT: An attacker is able to execute arbitrary shell commands with the privileges of the TWiki process.
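The pattern described above, as an added illustration rather than TWiki's own code: a backtick command line with the search string interpolated into it, beside a form that runs grep directly with no shell in between. The grep wrapper, the `$topic_dir` path and the file layout are assumptions for the example.

```perl
#!/usr/bin/env perl
# Added example, not from TWiki: the vulnerable pattern the advisory
# describes beside a hardened form that never hands user input to /bin/sh.
use strict;
use warnings;

my $topic_dir = '/var/www/twiki/data/Main';   # assumed path (hypothetical)

# VULNERABLE: the search string becomes part of a shell command line, so
# quotes and other metacharacters in $search are interpreted by the shell.
sub search_unsafe {
    my ($search) = @_;
    my @hits = `grep -l -i -- '$search' $topic_dir/*.txt`;
    chomp @hits;
    return @hits;
}

# HARDENED: open() in list form executes grep directly (no shell), so the
# search string is passed as one argv element whatever characters it holds.
# "-e" lets a pattern beginning with "-" be passed safely; "--" ends options.
sub search_safe {
    my ($search) = @_;
    my @files = glob("$topic_dir/*.txt");
    return () unless @files;
    open(my $fh, '-|', 'grep', '-l', '-i', '-e', $search, '--', @files)
        or die "cannot run grep: $!";
    my @hits = <$fh>;
    close $fh;
    chomp @hits;
    return @hits;
}

# Defence in depth: reject shell metacharacters up front, so that a code
# path that still builds a command line string cannot be reached with them.
sub is_acceptable_search {
    my ($search) = @_;
    return $search !~ /[`\$\\'";|&<>(){}\[\]\n\r]/;
}

# Usage: perl search.pl 'WebHome'
if (@ARGV) {
    my $term = $ARGV[0];
    die "search string rejected\n" unless is_acceptable_search($term);
    print "$_\n" for search_safe($term);
}
```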

References

CVE Name CVE-2004-1037
Message 86zn1mhchx.fsf@n-dimensional.de
URL http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithSearch