GLSA Advocate
Joined: 12 May 2004 Posts: 2663
|
Posted: Sun Nov 09, 2008 9:26 pm Post subject: [ GLSA 200811-02 ] Gallery: Multiple vulnerabilities |
|
|
Gentoo Linux Security Advisory
Title: Gallery: Multiple vulnerabilities (GLSA 200811-02)
Severity: normal
Exploitable: remote
Date: November 09, 2008
Updated: May 28, 2009
Bug(s): #234137, #238113
ID: 200811-02
Synopsis
Multiple vulnerabilities in Gallery may lead to execution of arbitrary code, disclosure of local files or theft of user's credentials.
Background
Gallery is an open source web based photo album organizer.
Affected Packages
Package: www-apps/gallery
Vulnerable: < 2.2.6
Unaffected: >= 2.2.6
Unaffected: >= 1.5.9 < 1.5.10
Unaffected: >= 1.5.10 < 1.5.11
Architectures: All supported architectures
Description
Multiple vulnerabilities have been discovered in Gallery 1 and 2: - Digital Security Research Group reported a directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1, when register_globals is enabled (CVE-2008-3600).
- Hanno Boeck reported that Gallery 1 and 2 did not set the secure flag for the session cookie in an HTTPS session (CVE-2008-3662).
- Alex Ustinov reported that Gallery 1 and 2 does not properly handle ZIP archives containing symbolic links (CVE-2008-4129).
- The vendor reported a Cross-Site Scripting vulnerability in Gallery 2 (CVE-2008-4130).
Impact
Remote attackers could send specially crafted requests to a server running Gallery, allowing for the execution of arbitrary code when register_globals is enabled, or read arbitrary files via directory traversals otherwise. Attackers could also entice users to visit crafted links allowing for theft of login credentials.
Workaround
There is no known workaround at this time.
Resolution
All Gallery 2 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/gallery-2.2.6" | All Gallery 1 users should upgrade to the latest version: Code: | # emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/gallery-1.5.9" |
References
CVE-2008-3600
CVE-2008-3662
CVE-2008-4129
CVE-2008-4130
Last edited by GLSA on Fri May 29, 2009 4:18 am; edited 1 time in total |
|