Forum: Announcements and Rules
Security problem
andi (Administrator) #1
User title: splitbrain
Member since May 2006 · 3499 posts · Location: Berlin Germany
Another two vulnerabilities have been discovered in DokuWiki. Both are mostly harmful only for users of ImageMagick's convert utility, but should be quickly fixed by everyone.

The first one is a possible denial of service vulnerability caused by allowing images to be resized without any limit. When libGD is used (the default), the RAM needed is calculated beforehand and the function aborts if not enough RAM is available for the PHP process (typically 8 to 32 MB). However, if ImageMagick ($conf['imconvert']) is used, no such limit exists, allowing an attacker to potentially consume a lot of system resources.

More info and how to fix this is available at http://bugs.splitbrain.org/?do=details&id=924

While examining this problem I discovered another, more serious one. The input parameters for width and height are not sanitized properly, which can be used by an attacker to introduce arbitrary shell commands into the ImageMagick command line. I was not able to exploit this with the default libGD option, but all users should apply the fix as soon as possible anyway.

More info and how to fix this is available at http://bugs.splitbrain.org/?do=details&id=926


Both problems are fixed in the new hotfixed tarball available at http://www.splitbrain.org/go/dokuwiki

Andi
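The two issues in the post above share one root cause: request-supplied width and height values reach the resize code without being constrained. The following PHP is an added illustration written for this page, not DokuWiki's own code and not the hotfix from the linked bug reports. It contrasts a command line built by string interpolation (the pattern the post describes) with one that only accepts small positive integers, caps them, estimates the RAM a libGD-style resize would need, and quotes every argument with escapeshellarg(). The constant names, the 2000-pixel cap, the 4-bytes-per-pixel estimate and the sample inputs are assumptions chosen for the example.

```php
<?php
// Added example, not DokuWiki code. Requires PHP 7.1+ (nullable return types).

const MAX_DIMENSION  = 2000; // assumed upper bound for one side of the output image
const BYTES_PER_PIXEL = 4;   // truecolor bitmap in RAM; rough libGD-style estimate

// VULNERABLE pattern: raw request strings are interpolated into the shell command,
// so any shell metacharacter in $w or $h is interpreted by /bin/sh. Do not run this.
function vulnerable_resize_cmd(string $convert, string $src, string $dst, string $w, string $h): string
{
    return "$convert -resize {$w}x{$h} $src $dst";
}

// Accept only a plain positive integer of at most six digits, then enforce the cap.
// Returns null for anything else (letters, signs, spaces, shell metacharacters, 0).
function parse_dimension($value, int $max = MAX_DIMENSION): ?int
{
    if (!is_string($value) && !is_int($value)) {
        return null;
    }
    if (!preg_match('/^[1-9][0-9]{0,5}$/', (string) $value)) {
        return null;
    }
    $n = (int) $value;
    return $n <= $max ? $n : null;
}

// Translate PHP's memory_limit ini value ("32M", "1G", "-1") into bytes.
function memory_limit_bytes(): int
{
    $raw = trim((string) ini_get('memory_limit'));
    if ($raw === '' || $raw === '-1') {
        return PHP_INT_MAX; // no limit configured
    }
    $num  = (int) $raw;
    $unit = strtoupper(substr($raw, -1));
    switch ($unit) {
        case 'G': return $num * 1024 * 1024 * 1024;
        case 'M': return $num * 1024 * 1024;
        case 'K': return $num * 1024;
        default:  return $num;
    }
}

// Estimate whether source and destination bitmaps fit in the PHP process:
// a libGD resize holds both truecolor images in memory at the same time.
function fits_in_memory(int $srcW, int $srcH, int $dstW, int $dstH, int $limit): bool
{
    $needed = ($srcW * $srcH + $dstW * $dstH) * BYTES_PER_PIXEL;
    return memory_get_usage() + $needed < $limit;
}

// HARDENED pattern: validated integers only, dimension cap, memory budget check,
// and every path passed through escapeshellarg() so the shell sees literal strings.
function safe_resize_cmd(string $convert, string $src, string $dst, $wRaw, $hRaw, int $srcW, int $srcH): ?string
{
    $w = parse_dimension($wRaw);
    $h = parse_dimension($hRaw);
    if ($w === null || $h === null) {
        return null; // reject instead of "fixing up" hostile input
    }
    if (!fits_in_memory($srcW, $srcH, $w, $h, memory_limit_bytes())) {
        return null; // would exceed the RAM budget of this PHP process
    }
    return escapeshellarg($convert) . ' -resize ' . $w . 'x' . $h . ' '
         . escapeshellarg($src) . ' ' . escapeshellarg($dst);
}

// Constructed demonstration inputs (not from any real request).
$hostile = '100 ; id';   // a width value carrying a shell metacharacter and a second command

// The interpolated command now contains ";" followed by a command the shell would run:
echo vulnerable_resize_cmd('convert', 'in.png', 'out.png', $hostile, '100'), "\n";

// The hardened builder refuses the same value outright:
var_dump(safe_resize_cmd('convert', 'in.png', 'out.png', $hostile, '100', 4000, 3000));

// Oversized dimensions are refused as well (DoS guard), even though they are numeric:
var_dump(safe_resize_cmd('convert', 'in.png', 'out.png', '50000', '50000', 4000, 3000));

// A sane request produces a fully quoted command line:
echo safe_resize_cmd('convert', 'in.png', 'out.png', '800', '600', 4000, 3000), "\n";
```

Note that the memory estimate only protects the PHP process; when the work is handed to an external convert binary the process limit does not apply, which is exactly why the hard cap on the dimensions is the control that matters for the $conf['imconvert'] case. Also prefer an allow-list regex over intval(): intval('100 ; id') silently returns 100 and hides the fact that the request was hostile.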
This board is powered by the Unclassified NewsBoard software, 20150713-dev, © 2003-2015 by Yves Goergen