{"vuid":"VU#584436","idnumber":"584436","name":"TWiki vulnerable to arbitrary code execution via CGI session files","keywords":["TWiki","arbitrary code execution","local users","CGI session files"],"overview":"TWiki fails to protect the CGI session directory, which may allow an attacker to execute arbitrary code with the privileges of the web server.","clean_desc":"TWiki is a web-based collaborative publishing environment. TWiki creates CGI session files in the global /tmp directory, which is generally world readable and writable. By creating CGI session files in this directory, an attacker may be able to execute arbitrary code.","impact":"An attacker with the ability to create files in the CGI session directory (usually /tmp) may be able to execute arbitrary code with the privileges of the web server.","resolution":"Apply an update\nThis issue is addressed in TWikiRelease04x01x01, as specified in TWiki SecurityAlert-CVE-2007-0669.","workarounds":"TWiki SecurityAlert-CVE-2007-0669 suggests several workarounds, including: Restrict access to the TWiki server on file level and HTTP. If on a shared host, move TWiki to a dedicated host.\nUpgrade to TWikiRelease04x01x01 -- TWiki-4.1.1.zip (recommended)\nApply a hotfix indicated below.","sysaffected":"","thanks":"Thanks to Peter Thoeny for reporting this vulnerability.","author":"This document was written by Will Dormann.","public":["http://twiki.org/cgi-bin/view/Codev/SecurityAlert-CVE-2007-0669","http://secunia.com/advisories/24091/"],"cveids":["CVE-2007-0669"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2007-02-08T20:46:30Z","publicdate":"2007-02-08T00:00:00Z","datefirstpublished":"2007-02-08T21:10:42Z","dateupdated":"2007-02-14T16:56:05Z","revision":7,"vrda_d1_directreport":"1","vrda_d1_population":"2","vrda_d1_impact":"2","cam_widelyknown":"15","cam_exploitation":"0","cam_internetinfrastructure":"10","cam_population":"12","cam_impact":"7","cam_easeofexploitation":"15","cam_attackeraccessrequired":"10","cam_scorecurrent":"5.90625","cam_scorecurrentwidelyknown":"7.0875","cam_scorecurrentwidelyknownexploited":"11.8125","ipprotocol":"","cvss_accessvector":"","cvss_accesscomplexity":"","cvss_authentication":null,"cvss_confidentialityimpact":"","cvss_integrityimpact":"","cvss_availabilityimpact":"","cvss_exploitablity":null,"cvss_remediationlevel":"","cvss_reportconfidence":"","cvss_collateraldamagepotential":"","cvss_targetdistribution":"","cvss_securityrequirementscr":"","cvss_securityrequirementsir":"","cvss_securityrequirementsar":"","cvss_basescore":"","cvss_basevector":"","cvss_temporalscore":"","cvss_environmentalscore":"","cvss_environmentalvector":"","metric":5.90625,"vulnote":null}