FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

twiki -- multiple file extensions file upload vulnerability

Affected packages
twiki < 4.0.4,1

Details

VuXML ID a876df84-0fef-11db-ac96-000c6ec775d9
Discovery 2006-07-05
Entry 2006-07-10

A TWiki Security Alert reports:

The TWiki upload filter already prevents executable scripts such as .php, .php1, .phps, .pl from potentially getting executed by appending a .txt suffix to the uploaded filename. However, PHP and some other types allow additional file suffixes, such as .php.en, .php.1, and .php.2. TWiki does not check for these suffixes, e.g. it is possible to upload php scripts with such suffixes without the .txt filename padding.

This issue can also be worked around with a restrictive web server configuration. See the TWiki Security Alert for more information about how to do this.
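The alert describes an upload filter that looks only at the last extension, which is why a name such as script.php.en passes while a web server that evaluates every dot-separated extension (Apache's mod_mime does this) may still hand the file to the PHP handler. The following is an added illustration of that filter logic and of the corrected check, written here for this entry; it is not TWiki's own code, and the function names, the suffix list and the sample filenames are constructed for the example.

```python
# Extensions a web server may treat as executable. Constructed for this example
# from the suffixes named in the alert; it is not TWiki's actual list.
DANGEROUS_SUFFIXES = {"php", "php1", "php3", "phps", "phtml", "pl", "cgi"}

# Extensions a site chooses to accept verbatim (constructed allowlist).
ALLOWED_SUFFIXES = {"txt", "pdf", "png", "jpg", "gif", "doc"}


def vulnerable_filter(filename: str) -> str:
    """Filter behaviour as the alert describes it (hypothetical reconstruction):
    only the final extension is examined, and .txt is appended when it is
    dangerous.  'script.php.en' therefore passes through unchanged."""
    if "." not in filename:
        return filename
    last_ext = filename.rsplit(".", 1)[1].lower()
    if last_ext in DANGEROUS_SUFFIXES:
        return filename + ".txt"
    return filename


def hardened_filter(filename: str) -> str:
    """Corrected check: every component after the base name is examined, so
    'script.php.en', 'script.php.1' and 'x.PHP.2' are padded as well."""
    components = filename.split(".")[1:]          # drop the base name
    if any(c.lower() in DANGEROUS_SUFFIXES for c in components):
        return filename + ".txt"
    return filename


def allowlist_accepts(filename: str) -> bool:
    """Stricter alternative a site can use instead of a denylist: accept the
    name only if every extension component is on the allowlist.  A denylist
    can never enumerate every handler suffix a server might map."""
    components = filename.split(".")[1:]
    if not components:
        return False                              # no extension at all
    return all(c.lower() in ALLOWED_SUFFIXES for c in components)


def bypasses_of(filenames):
    """Return the names that the last-extension filter lets through unpadded
    but the component-wise filter would pad.  Useful for regression-testing
    an upload filter against multi-suffix names."""
    return [
        f for f in filenames
        if vulnerable_filter(f) == f and hardened_filter(f) != f
    ]


if __name__ == "__main__":
    # Constructed sample names, covering the cases the alert mentions.
    samples = ["notes.txt", "shell.php", "shell.php.en", "shell.php.1",
               "x.PHP.2", "report.pdf", "cgi.pdf"]
    for name in samples:
        print(f"{name:14} old={vulnerable_filter(name):18} "
              f"new={hardened_filter(name):18} "
              f"allowlist={allowlist_accepts(name)}")
    print("slips through old filter:", bypasses_of(samples))
```

Note that the base name is deliberately excluded from the check ("cgi.pdf" is an ordinary PDF), while a trailing or repeated dot still exposes the dangerous component to the hardened check; the allowlist variant is the safer default where a site can enumerate the attachment types it actually needs.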

References

Bugtraq ID 18854
CVE Name CVE-2006-3336
URL http://secunia.com/advisories/20992/
URL http://twiki.org/cgi-bin/view/Codev/SecurityAlertSecureFileUploads