Hiki Advisory 2007-06-24
Vulnerability in Hiki
Hiki Development Team
2007-06-24
I. Overview
Hiki is a Wiki clone written in Ruby. An arbitrary file deletion vulnerability has been discovered in Hiki. A remote attacker can delete any file that the Hiki process has permission to delete.
II. Systems affected
- Hiki 0.8.0 - 0.8.6: Vulnerable
III. Problems
For session management, Hiki creates a file whose name is the session ID. The file is deleted during the logout process.
Hiki checks the format of the session ID with the regexp /[0-9a-f]{16}/, but this check is wrong: the pattern is not anchored, so it also accepts any string that merely contains 16 hexadecimal characters. A remote attacker can therefore supply a session ID containing path delimiters and delete any file that Hiki has permission to delete.
IV. Corrections
The check has been fixed so that a session ID is accepted only if it consists solely of hexadecimal characters.
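As an added illustration (example code, not Hiki's own), the unanchored check described above beside an anchored one, plus a path helper that refuses to build a session file path from anything the strict check rejects. The session directory is a constructed placeholder, not Hiki's real layout.

```ruby
require 'pathname'

# Constructed placeholder for the session directory (not Hiki's actual path).
SESSION_DIR = '/var/lib/hiki/session'

# The check as described in the advisory for 0.8.0 - 0.8.6: the pattern is
# unanchored, so it succeeds for any string that merely *contains* 16 hex
# digits, including strings that also carry path delimiters.
def weak_session_id?(id)
  !!(id =~ /[0-9a-f]{16}/)
end

# Corrected check: \A and \z anchor to the whole string. Ruby's ^ and $ are
# line anchors, so "junk\n<16 hex>" would slip past a ^...$ pattern.
def valid_session_id?(id)
  id.is_a?(String) && !!(id =~ /\A[0-9a-f]{16}\z/)
end

# Build the session file path only for a strictly valid ID and, as defence in
# depth, verify that the resolved path still lies inside the session directory.
def session_file_path(id, dir = SESSION_DIR)
  raise ArgumentError, 'invalid session id' unless valid_session_id?(id)
  base = Pathname.new(dir).cleanpath
  path = (base + id).cleanpath
  unless path.to_s.start_with?(base.to_s + '/')
    raise ArgumentError, 'session path escapes session directory'
  end
  path.to_s
end

# Logout handler: delete the session file only if the ID passes both checks.
def delete_session_file(id, dir = SESSION_DIR)
  path = session_file_path(id, dir)
  File.delete(path) if File.file?(path)
  path
end
```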
V. Solution
The Hiki Development Team has released version 0.8.7, which corrects this vulnerability. Please update your system as soon as possible.
A patch file for version 0.8.6 has also been released. If you cannot update to 0.8.7 immediately, please apply the patch to 0.8.6.
[Related information]
The following documents are updated regularly. Please check them for the latest version.
- Hiki Official Site http://hikiwiki.org/
[Revision history]
- 2007/06/24 1.0 <http://hikiwiki.org/en/advisory20070624.html>: First version in English.