MediaWiki < 1.19.11 / 1.21.5 / 1.22.2 Multiple Remote Code Execution Vulnerabilities

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote web server contains an application that is affected by
multiple remote code execution vulnerabilities.

Description :

According to its version number, the instance of MediaWiki installed on
the remote host is affected by the following remote code execution
vulnerabilities :

- A user-input validation error exists during thumbnail
generation in the 'thumb.php' script that could allow
execution of arbitrary shell commands via a specially
crafted DjVu file.

- A user-input validation error exists in the
'pdfhandler_body.php' script used by the PdfHandler
extension that could allow execution of arbitrary shell
commands via a specially crafted PDF file.

Note that the affected features are not enabled by default and Nessus
has not tested for these issues, but has instead relied on the
application's self-reported version number.

See also :

http://seclists.org/fulldisclosure/2014/Feb/6
http://www.nessus.org/u?85eeffc8
https://www.mediawiki.org/wiki/Release_notes/1.19
https://www.mediawiki.org/wiki/Release_notes/1.21
https://www.mediawiki.org/wiki/Release_notes/1.22
http://www.nessus.org/u?51818bdc

Solution :

Upgrade to MediaWiki version 1.19.11 / 1.21.5 / 1.22.2 or later.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.3
(CVSS2#E:POC/RL:OF/RC:C)
Public Exploit Available : true

Family: CGI abuses

Nessus Plugin ID: 72215 ()

Bugtraq ID: 65223

CVE ID: CVE-2014-1610