Ubuntu 6.06 LTS / 8.04 LTS / 8.10 / 9.04 / 9.10 : moin vulnerabilities (USN-911-1)
High Nessus Plugin ID 45042
SynopsisThe remote Ubuntu host is missing one or more security-related patches.
DescriptionIt was discovered that several wiki actions and preference settings in MoinMoin were not protected from cross-site request forgery (CSRF). If an authenticated user were tricked into visiting a malicious website while logged into MoinMoin, a remote attacker could change the user's configuration or wiki content. (CVE-2010-0668, CVE-2010-0717)
It was discovered that MoinMoin did not properly sanitize its input when processing user preferences. An attacker could enter malicious content which when viewed by a user, could render in unexpected ways.
Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
SolutionUpdate the affected moinmoin-common, python-moinmoin and / or python2.4-moinmoin packages.