Fixed a critical vulnerability in Wikipedia
2014-03-21 | Comebuy News
The Wikimedia Foundation has fixed a critical vulnerability in the MediaWiki software used by Wikipedia.org, as well as numerous other wiki sites. The flaw in the web platform was discovered and reported to Wikimedia by Check Point Software. The security service provider also fed the finding into its ThreatCloud to warn its customers of possible attacks.
Wikimedia staff classified the flaw in their Bugzilla database as "obviously very serious" because it would have allowed any remote user to execute shell code on the MediaWiki application server. Fixing it, however, proved "trivial". The security fix also closed a further vulnerability in the PDF handler that had opened up after the latest patches. All users of the platform have been urged to install the latest patch to fix the problem.
The critical vulnerability CVE-2014-1610 affected all versions of MediaWiki from 1.8 onward. According to Check Point, before the patch it would have been possible to insert malicious code into every page of Wikipedia and other wiki sites. It was only the third vulnerability discovered in the platform since 2006 that would have allowed remote code execution (RCE).
"A hacker needs only a single point of failure in a widely used platform to infiltrate it and wreak extensive damage," said Dorit Dor, Vice President for Products at Check Point Software. "We are pleased that the MediaWiki platform is now protected against this failure, which could cause great security risks for millions of daily users of 'wiki' sites."
[with material by Larry Seltzer, ZDNet.com]