oss-sec mailing list archives

Debian Moin Question

From: Josh Bressers <bressers () redhat com>
Date: Mon, 5 Apr 2010 14:25:05 -0400 (EDT)

Hello everyone,

I just ran across this ID from MITRE:

Name: CVE-2010-1238
Status: Candidate
URL: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-1238
Final-Decision:
Interim-Decision:
Modified:
Proposed:
Assigned: 20100405
Category:
Reference: DEBIAN:DSA-2024
Reference: URL:http://www.debian.org/security/2010/dsa-2024

MoinMoin 1.7.1 allows remote attackers to bypass the textcha
protection mechanism by modifying the textcha-question and
textcha-answer fields to have empty values.

The only data I can find on this is from the Debian DSA, and the
information is quite slim. Can someone shed more light on this flaw?

Thanks.

-- 
    JB

Current thread:

Debian Moin Question Josh Bressers (Apr 05)
- Re: Debian Moin Question Michael Gilbert (Apr 05)
- Re: Debian Moin Question Giuseppe Iuculano (Apr 05)