CVE-2010-0288 in Ubuntu

CVE-2010-0288

Priority

Medium

Description

A typo in the administrator permission check in the ACL Manager plugin
(plugins/acl/ajax.php) in DokuWiki before 2009-12-25b allows remote
attackers to gain privileges and access closed wikis by editing current ACL
statements, as demonstrated in the wild in January 2010.

References

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-0288
http://www.splitbrain.org/blog/2010-01/17-dokuwiki-security

Bugs

http://bugs.splitbrain.org/index.php?do=details&task_id=1847

Package

Source: dokuwiki (LP Ubuntu Debian)

Upstream:	needs-triage
Ubuntu 8.04 LTS (Hardy Heron):	ignored (reached end-of-life)
Ubuntu 10.04 LTS (Lucid Lynx):	needs-triage
Ubuntu 11.10 (Oneiric Ocelot):	ignored (reached end-of-life)
Ubuntu 12.04 LTS (Precise Pangolin):	needs-triage
Ubuntu 12.10 (Quantal Quetzal):	needs-triage
Ubuntu 13.04 (Raring Ringtail):	needs-triage
Ubuntu 13.10 (Saucy Salamander):	needs-triage

More Information

Mitre
NVD
Launchpad
Debian

Updated: 2013-05-09 15:14:54 UTC (commit 6824)