FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

ikiwiki -- tty hijacking via ikiwiki-mass-rebuild

Affected packages
ikiwiki < 3.20110608

Details

VuXML ID 3145faf1-974c-11e0-869e-000c29249b2e
Discovery 2011-06-08
Entry 2011-06-15

The IkiWiki development team reports:

Ludwig Nussel discovered a way for users to hijack root's tty when ikiwiki-mass-rebuild was run. Additionally, there was some potential for information disclosure via symlinks.

[source]

References

CVE Name CVE-2011-1408
URL http://ikiwiki.info/security/#index40h2

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.