Info

Disclosure

Jul 03, 2006

Discovery

Unknown

Dates

Exploit

Jul 03, 2006

Solution

Unknown

Description

Hiki contains a flaw that may allow a remote denial of service. The issue is triggered when a diff between two large pages occurs, and will result in loss of availability for the platform.

Classification

Location: Remote / Network Access
Attack Type: Denial of Service
Impact: Loss of Availability
Exploit: Exploit Public
Disclosure: OSVDB Verified
OSVDB: Web Related

Solution

Upgrade to version 0.8.6 or higher, as it has been reported to fix this vulnerability. It is also possible to correct the flaw by implementing the following workaround: Configure the @timeout variable in hikiconf.rb to be lower than the default setting (30)

Products

Hiki Development Team	Hiki	0.6.0
		0.6.1
		0.6.2
		0.6.3
		0.6.4
		0.6.5
		0.8.0
		0.8.1
		0.8.2
		0.8.3
		0.8.4
		0.8.5

References

Bugtraq ID: 18785
CVE ID: 2006-3379 (see also: NVD)
Secunia Advisory ID: 20741 21150
ISS X-Force ID: 27507
VUPEN Advisory: ADV-2006-2643
Vendor Specific News/Changelog Entry: http://hikiwiki.org/en/advisory20060703.html
Other Advisory URL: http://jvn.jp/jp/JVN%2398836916/
http://www.us.debian.org/security/2006/dsa-1119

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Hiki Development Team

Hiki

References

Credit