TWiki "rev" Parameter Remote Command Execution Vulnerability

* Technical Description *

A vulnerability was identified inTWiki, which may be exploited by remote attackers to execute arbitrary commands. This flaw is due to an input validation error in the "/cgi-bin/view/Main/TWikiUsers" script that does not properly filter a specially crafted "rev" parameter, which may be exploited by remote attackers to execute arbitrary shell commands.

* Affected Products *

TWiki Production Release 02-Sep-2004
TWiki Production Release 01-Sep-2004
TWiki Production Release 01-Feb-2003
TWiki Production Release 01-Dec-2001
TWiki Production Release 01-Dec-2000

* Solution *

Apply patches :
http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev

* References *

http://www.frsirt.com/english/advisories/2005/1750
http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev