Bug 96334 (CVE-2005-2215) - VUL-0: CVE-2005-2215: mediawiki bugfix / secfix update
Summary: VUL-0: CVE-2005-2215: mediawiki bugfix / secfix update
Status: RESOLVED FIXED
Alias: CVE-2005-2215
Product: SUSE Security Incidents
Classification: Novell Products
Component: Incidents (show other bugs)
Version: unspecified
Hardware: Other All
: P5 - None : Normal
Target Milestone: ---
Assignee: Security Team bot
QA Contact: Security Team bot
URL:
Whiteboard: CVE-2005-2215: CVSS v2 Base Score: 4....
Keywords:
Depends on:
Blocks:
 
Reported: 2005-07-13 13:45 UTC by Marcus Meissner
Modified: 2021-09-27 09:03 UTC (History)
1 user (show)

See Also:
Found By: Other
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---

Attachments
fix from 1.4.5 (4.47 KB, patch)
2005-07-19 11:40 UTC, Anna Maresova 		Details | Diff
fix from 1.4.6 (775 bytes, text/x-patch)
2005-07-19 11:41 UTC, Anna Maresova 		Details
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Marcus Meissner 2005-07-13 13:45:04 UTC 
from http://wikipedia.sourceforge.net/ 
 
MediaWiki 1.4.6 is a bug fix and security update release. 
Incorrect escaping of a parameter in the page move template could be used to 
inject JavaScript code by getting a victim to visit a maliciously constructed 
URL. Users of vulnerable releases are recommended to upgrade to this release. 
Vulnerable versions:  
1.5 preview series: n <= 1.5beta2 vulnerable, fixed in 1.5beta3 
1.4 stable series: 1.4beta6 <= n <= 1.4.5 vulnerable, fixed in 1.4.6 
1.3 legacy series: not vulnerable 
This release also includes fixes for some rare bug annoying HTTP errors, a PHP 
4.1.2 breakage bug, and works around some template limitations introduced in 
1.4.5.
Comment 1 Marcus Meissner 2005-07-13 13:45:57 UTC 
we ship 1.4rc1 in 9.3. 
 
petr, can we extract the patch and include it for a sceurity update?
Comment 2 Marcus Meissner 2005-07-13 13:48:03 UTC 
and I see we might have skipped earlier security fixes already... 
 
do you have an overview of what we need to fix?
Comment 3 Christoph Thiel 2005-07-13 13:51:33 UTC 
I don't have it right now, but I'll have a look at it. Do we need to backport
the fixes?
Comment 4 Marcus Meissner 2005-07-13 13:55:16 UTC 
I was asking Petr ... he is the current maintainer ;)
Comment 5 Christoph Thiel 2005-07-13 13:57:56 UTC 
Well, that's even better - never mind :)
Comment 6 Anna Maresova 2005-07-15 11:24:51 UTC 
I will take a look at it.
Comment 7 Anna Maresova 2005-07-19 11:39:10 UTC 
There is yet another missed security fix in 1.4.5 (#2304 and #2309 in mediawiki
bugzilla). For the fix in 1.4.6 there is no bugzilla entry, in the cvs logs I
have found a fix that pretty well matches the bug description, I am waiting for
confirmation from the author.
Comment 8 Anna Maresova 2005-07-19 11:40:28 UTC 
Created attachment 42545 [details]
fix from 1.4.5

fix from 1.4.5
Comment 9 Anna Maresova 2005-07-19 11:41:06 UTC 
Created attachment 42546 [details]
fix from 1.4.6

fix from 1.4.6
Comment 10 Anna Maresova 2005-07-28 15:58:07 UTC 
fixes submitted
Comment 11 Ludwig Nussel 2005-08-15 13:45:20 UTC 
SM-Tracker-2053
Comment 12 Marcus Meissner 2005-08-15 15:44:00 UTC 
updates approved. thanks!
Comment 13 Marcus Meissner 2005-08-19 13:35:36 UTC 
CAN-2005-2215 (under review) 
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x before 
1.4.6 and 1.5 before 1.5beta3 allows remote attackers to inject arbitrary web 
script or HTML via a parameter in the page move template, a different 
vulnerability than CAN-2005-1888.
Comment 14 Marcus Meissner 2005-08-19 13:37:20 UTC 
I think you also patches this one: 
 
CAN-2005-1888 (under review) 
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 allows 
remote attackers to inject arbitrary web script via HTML attributes in page 
templates.
Comment 15 Thomas Biege 2009-10-13 21:33:13 UTC 
CVE-2005-2215: CVSS v2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N)