An input sanitation error in DokuWiki might lead to the dislosure of local
files or even the remote execution of arbitrary code.


Background


DokuWiki is a standards compliant Wiki system written in PHP.


Affected Packages

Package: www-apps/dokuwiki
Vulnerable: < 20090214b
Unaffected: >= 20090214b
Architectures: All supported architectures


De******ion


girex reported that data from the "config_cascade" parameter in
inc/init.php is not properly sanitized before being used.


Impact


A remote attacker could exploit this vulnerability to execute PHP code
from arbitrary local, or, when the used PHP version supports [عزيزي الزائر يتوجب عليك التسجيل لمشاهدة الرابط للتسجيل اضغط هنا]
URLs, also from remote files via FTP. Furthermore, it is possible to
disclose the *******s of local files. NOTE: Successful exploitation
requires the PHP option "register_globals" to be enabled.


Workaround


Disable "register_globals" in php.ini.


Resolution


All DokuWiki users should upgrade to the latest version:
Code: # emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/dokuwiki-2009-02-14b"