Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2006-5099

lib/exec/fetch.php in DokuWiki before 2006-03-09e, when conf[imconvert] is configured to use ImageMagick, allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) w and (2) h parameters, which are not filtered when invoking convert.

Related bugs and status

CVE-2006-5099 (Candidate) is related to these bugs:

Bug #45887: Security update needed for all versions prior to 2006 March 9th

		In	Importance	Status
45887	Security update needed for all versions prior to 2006 March 9th	dokuwiki (Ubuntu)	Medium	Fix Released
45887	Security update needed for all versions prior to 2006 March 9th	dokuwiki (Ubuntu Breezy)	Medium	Invalid
45887	Security update needed for all versions prior to 2006 March 9th	dokuwiki (Ubuntu Dapper)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

GENTOO: GLSA-200609-20
SECUNIA: 22192
SECUNIA: 22199
VUPEN: ADV-2006-3851
CONFIRM: http://bugs.splitbrain...