[wikka-community] Secunia Advisory SA34321 -- How Critical?
Brian Koontz
brian
Fri Apr 17 00:44:29 GMT 2009
(Reposted from the WikkaWiki blog,
http://blog.wikkawiki.org/2009/04/17/secunia-advisory-sa34321-how-critical/)
Secunia recently issued a security advisory
(http://secunia.com/advisories/34321/) for WikkaWiki 1.1.6.6 (the most
recent release). Secunia has identified this vulnerability as less
critical. The Wikka devs have also extensively analyzed this exploit,
and have determined that (1) the exploit does exist, and (2) the
exploit requires that a user with administrator rights is logged in.
So long as Wikka administrators are limiting access to their wikis to
a trusted subset of users, we do not believe theres an urgent need to
limit access to existing WikkaWiki installations while we prepare a
security update.
We have always prided ourselves on the attention we give to making
Wikka one of the most secure wiki environments available, and will be
releasing 1.1.6.7 in the very near future to address the issues raised
in the Secunia advisory. In the meantime, we would suggest Wikka
admins continue to exercise common sense and limit administrative
access to only those users whom you explicitly trust.
--
Brian Koontz
Wikka Development Team
Systems Support and Random Tasking Dept.
More information about the community
mailing list