CVE-2014-1610 Information

Description

MediaWiki 1.22.x before 1.22.2 1.21.x before 1.21.5 and 1.19.x before 1.19.11 when DjVu or PDF file upload support is enabled allows remote attackers to execute arbitrary commands via shell metacharacters in (1) the page parameter to includes/media/DjVu.php; (2) the w parameter (aka width field) to thumb.php which is not properly handled by includes/media/PdfHandler_body.php; and possibly unspecified vectors in (3) includes/media/Bitmap.php and (4) includes/media/ImageHandler.php.

Reference

http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127942.html http://lists.fedoraproject.org/pipermail/package-announce/2014-February/127948.html http://lists.wikimedia.org/pipermail/mediawiki-announce/2014-January/000140.html http://osvdb.org/102630 http://secunia.com/advisories/56695 http://secunia.com/advisories/57472 http://www.checkpoint.com/defense/advisories/public/2014/cpai-26-jan.html http://www.checkpoint.com/threatcloud-central/articles/2014-01-28-tc-researchers-discover.html http://www.debian.org/security/2014/dsa-2891 http://www.exploit-db.com/exploits/31329/ http://www.osvdb.org/102631 http://www.securityfocus.com/bid/65223 http://www.securitytracker.com/id/1029707 https://bugzilla.wikimedia.org/attachment.cgi?id=14361&action=diff https://bugzilla.wikimedia.org/attachment.cgi?id=14384&action=diff https://bugzilla.wikimedia.org/show_bug.cgi?id=60339 https://gerrit.wikimedia.org/r//c/110069/ https://gerrit.wikimedia.org/r//c/110069/2/includes/media/Bitmap.php https://gerrit.wikimedia.org/r//c/110215/