There is a new vulnerability in Twiki installations that allow for
arbitrary command execution through the TWikiUsers script. You must
apply the hotfix
to your affected TWiki installations, especially if they are available
offsite. Machines offering a vulnerable version of TWiki will be blocked
from network access until remediate and upgraded. Details and hotfix can be found at: http://twiki.org/cgi-bin/view/Codev/SecurityAlertExecuteCommandsWithRev |
For assistance contact helpdesk@fnal.gov.
Information compiled and maintained by Computer Security Team ; last modified by TR on July 13, 2006. (Address comments about page to the Computer Security Team.) |