Bug 96334 (CVE-2005-2215)

Summary: VUL-0: CVE-2005-2215: mediawiki bugfix / secfix update
Product: [Novell Products] SUSE Security Incidents Reporter: Marcus Meissner <meissner>
Component: IncidentsAssignee: Security Team bot <security-team>
Status: RESOLVED FIXED QA Contact: Security Team bot <security-team>
Severity: Normal    
Priority: P5 - None CC: security-team
Version: unspecified   
Target Milestone: ---   
Hardware: Other   
OS: All   
Whiteboard: CVE-2005-2215: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Found By: Other Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: fix from 1.4.5
fix from 1.4.6

Description Marcus Meissner 2005-07-13 13:45:04 UTC 
from http://wikipedia.sourceforge.net/ 
 
MediaWiki 1.4.6 is a bug fix and security update release. 
Incorrect escaping of a parameter in the page move template could be used to 
inject JavaScript code by getting a victim to visit a maliciously constructed 
URL. Users of vulnerable releases are recommended to upgrade to this release. 
Vulnerable versions:  
1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3 
1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6 
1.3 legacy series: not vulnerable 
This release also includes fixes for some rare bug annoying HTTP errors, a PHP 
4.1.2 breakage bug, and works around some template limitations introduced in 
1.4.5.
Comment 1 Marcus Meissner 2005-07-13 13:45:57 UTC 
we ship 1.4rc1 in 9.3. 
 
petr, can we extract the patch and include it for a sceurity update?
Comment 2 Marcus Meissner 2005-07-13 13:48:03 UTC 
and I see we might have skipped earlier security fixes already... 
 
do you have an overview of what we need to fix?
Comment 3 Christoph Thiel 2005-07-13 13:51:33 UTC 
I don't have it right now, but I'll have a look at it. Do we need to backport
the fixes?
Comment 4 Marcus Meissner 2005-07-13 13:55:16 UTC 
I was asking Petr ... he is the current maintainer ;)
Comment 5 Christoph Thiel 2005-07-13 13:57:56 UTC 
Well, that's even better - never mind :)
Comment 6 Anna Maresova 2005-07-15 11:24:51 UTC 
I will take a look at it.
Comment 7 Anna Maresova 2005-07-19 11:39:10 UTC 
There is yet another missed security fix in 1.4.5 (#2304 and #2309 in mediawiki
bugzilla). For the fix in 1.4.6 there is no bugzilla entry, in the cvs logs I
have found a fix that pretty well matches the bug description, I am waiting for
confirmation from the author.
Comment 8 Anna Maresova 2005-07-19 11:40:28 UTC 
Created attachment 42545 [details]
fix from 1.4.5

fix from 1.4.5
Comment 9 Anna Maresova 2005-07-19 11:41:06 UTC 
Created attachment 42546 [details]
fix from 1.4.6

fix from 1.4.6
Comment 10 Anna Maresova 2005-07-28 15:58:07 UTC 
fixes submitted
Comment 11 Ludwig Nussel 2005-08-15 13:45:20 UTC 
SM-Tracker-2053
Comment 12 Marcus Meissner 2005-08-15 15:44:00 UTC 
updates approved. thanks!
Comment 13 Marcus Meissner 2005-08-19 13:35:36 UTC 
CAN-2005-2215 (under review) 
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 
1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web 
script or HTML via a parameter in the page move template, a different 
vulnerability than CAN-2005-1888.
Comment 14 Marcus Meissner 2005-08-19 13:37:20 UTC 
I think you also patches this one: 
 
CAN-2005-1888 (under review) 
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows 
remote attackers to inject arbitrary web script via HTML attributes in page 
templates.
Comment 15 Thomas Biege 2009-10-13 21:33:13 UTC 
CVE-2005-2215: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)