{"id":"MGASA-2014-0438","summary":"Updated dokuwiki packages fix security vulnerabilities","details":"inc/template.php in DokuWiki before 2014-05-05a only checks for access to the\nroot namespace, which allows remote attackers to access arbitrary images via a\nmedia file details ajax call (CVE-2014-8761).\n\nThe ajax_mediadiff function in DokuWiki before 2014-05-05a allows remote\nattackers to access arbitrary images via a crafted namespace in the ns\nparameter (CVE-2014-8762).\n\nDokuWiki before 2014-05-05b, when using Active Directory for LDAP\nauthentication, allows remote attackers to bypass authentication via a\npassword starting with a null (\\0) character and a valid user name, which\ntriggers an unauthenticated bind (CVE-2014-8763).\n\nDokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP\nauthentication, allows remote attackers to bypass authentication via a user\nname and password starting with a null (\\0) character, which triggers an\nanonymous bind (CVE-2014-8764).\n","modified":"2026-04-16T06:25:52.041251315Z","published":"2014-10-31T15:53:38Z","upstream":["CVE-2014-8761","CVE-2014-8762","CVE-2014-8763","CVE-2014-8764"],"references":[{"type":"ADVISORY","url":"https://advisories.mageia.org/MGASA-2014-0438.html"},{"type":"REPORT","url":"https://bugs.mageia.org/show_bug.cgi?id=14252"},{"type":"WEB","url":"https://www.dokuwiki.org/changes#release_2014-09-29_hrun"},{"type":"WEB","url":"http://www.freelists.org/post/dokuwiki/Fwd-Dokuwiki-maybe-security-issue-Null-byte-poisoning-in-LDAP-authentication"},{"type":"WEB","url":"http://openwall.com/lists/oss-security/2014/10/16/9"}],"affected":[{"package":{"name":"dokuwiki","ecosystem":"Mageia:3","purl":"pkg:rpm/mageia/dokuwiki?arch=source&distro=mageia-3"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20140929-1.1.mga3"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0438.json"}},{"package":{"name":"dokuwiki","ecosystem":"Mageia:4","purl":"pkg:rpm/mageia/dokuwiki?arch=source&distro=mageia-4"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"20140929-1.1.mga4"}]}],"ecosystem_specific":{"section":"core"},"database_specific":{"source":"https://advisories.mageia.org/MGASA-2014-0438.json"}}],"schema_version":"1.7.5","credits":[{"name":"Mageia","contact":["https://wiki.mageia.org/en/Packages_Security_Team"],"type":"COORDINATOR"}]}