Executive Summary



This alert is flagged as part of the CWE/SANS Top 25 Common Weakness Enumeration.
Summary
Title: Gallery: Multiple vulnerabilities

Information
Name: GLSA-200811-02
First vendor publication: 2008-11-09
Vendor: Gentoo
Last vendor modification: 2008-11-09
Severity (vendor): Normal
Revision: N/A

Security-Database Scoring CVSS v3

CVSS vector: N/A
Overall CVSS score: NA
Base score: NA
Environmental score: NA
Impact subscore: NA
Temporal score: NA
Exploitability subscore: NA

Security-Database Scoring CVSS v2

CVSS vector: (AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS base score: 6.8
Attack range: Network
CVSS impact score: 6.4
Attack complexity: Medium
CVSS exploit score: 8.6
Authentication: None required

Detail

Synopsis

Multiple vulnerabilities in Gallery may lead to execution of arbitrary code, disclosure of local files or theft of user's credentials.

Background

Gallery is an open source, web-based photo album organizer.

Description

Multiple vulnerabilities have been discovered in Gallery 1 and 2:

* Digital Security Research Group reported a directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1, when register_globals is enabled (CVE-2008-3600).

* Hanno Boeck reported that Gallery 1 and 2 did not set the secure flag for the session cookie in an HTTPS session (CVE-2008-3662).

* Alex Ustinov reported that Gallery 1 and 2 do not properly handle ZIP archives containing symbolic links (CVE-2008-4129).

* The vendor reported a Cross-Site Scripting vulnerability in Gallery 2 (CVE-2008-4130).
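
For the ZIP symbolic-link issue (CVE-2008-4129), an upload handler can inspect each archive entry's recorded file type before anything is extracted. The following is an added example, not Gallery's code or its fix; the function names and the sample archive are constructed for illustration.

```python
import io
import stat
import zipfile

ALLOWED_TYPES = (0, stat.S_IFREG, stat.S_IFDIR)  # 0 = no Unix type recorded


def build_sample_zip() -> bytes:
    """Constructed sample upload: one regular file and one symlink entry."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("album/photo.jpg", b"constructed image bytes")
        link = zipfile.ZipInfo("album/link.jpg")
        link.create_system = 3  # 3 = Unix: upper 16 bits hold st_mode
        link.external_attr = (stat.S_IFLNK | 0o777) << 16
        # A symlink entry stores its target path as the entry data.
        zf.writestr(link, "placeholder-target-outside-album")
    return buf.getvalue()


def classify_entries(zip_bytes: bytes):
    """Return (accepted, rejected) entry names without extracting anything."""
    accepted, rejected = [], []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # File-type bits of the Unix mode stored in the central directory.
            ftype = stat.S_IFMT(info.external_attr >> 16)
            if ftype in ALLOWED_TYPES:
                accepted.append(info.filename)
            else:
                # Symlinks, and also devices, FIFOs and sockets, which a
                # photo upload never needs.
                rejected.append(info.filename)
    return accepted, rejected


if __name__ == "__main__":
    ok, bad = classify_entries(build_sample_zip())
    print("accepted:", ok)
    print("rejected:", bad)
```

Rejecting the whole upload when the second list is non-empty is the simplest policy; extracting only the accepted names with a library that writes regular files is an alternative.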

Impact

Remote attackers could send specially crafted requests to a server running Gallery, allowing for the execution of arbitrary code when register_globals is enabled, or read arbitrary files via directory traversals otherwise. Attackers could also entice users to visit crafted links allowing for theft of login credentials.

Workaround

There is no known workaround at this time.

Resolution

All Gallery 2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/gallery-2.2.6"

All Gallery 1 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=www-apps/gallery-1.5.9"

References

[ 1 ] CVE-2008-3600 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3600
[ 2 ] CVE-2008-3662 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-3662
[ 3 ] CVE-2008-4129 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4129
[ 4 ] CVE-2008-4130 : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-4130

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

http://security.gentoo.org/glsa/glsa-200811-02.xml

Original Source

Url : http://security.gentoo.org/glsa/glsa-200811-02.xml

CAPEC : Common Attack Pattern Enumeration & Classification

Id Name
CAPEC-102 Session Sidejacking

CWE : Common Weakness Enumeration

% Id Name
50 % CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') (CWE/SANS Top 25)
25 % CWE-310 Cryptographic Issues
25 % CWE-79 Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25)

CPE : Common Platform Enumeration

Type Description Count
Application 17
Application 2

OpenVAS Exploits

Date Description
2009-02-13 Name : Fedora Update for gallery2 FEDORA-2008-11218
File : nvt/gb_fedora_2008_11218_gallery2_fc10.nasl
2009-02-13 Name : Fedora Update for gallery2 FEDORA-2008-11230
File : nvt/gb_fedora_2008_11230_gallery2_fc8.nasl
2009-02-13 Name : Fedora Update for gallery2 FEDORA-2008-11258
File : nvt/gb_fedora_2008_11258_gallery2_fc9.nasl
2008-11-19 Name : Gentoo Security Advisory GLSA 200811-02 (gallery)
File : nvt/glsa_200811_02.nasl
2008-09-24 Name : FreeBSD Ports: gallery
File : nvt/freebsd_gallery3.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
49127 Gallery HTTPS Session Cookie Secure Flag Weakness

48214 Gallery Symlink ZIP Archive Handling Information Disclosure

48213 Gallery Flash Animation XSS

47429 Gallery contrib/phpBB2/modules.php phpEx Parameter Traversal Local File Inclu...

Gallery contains a flaw that allows a remote attacker to include local files outside of the web path. The issue is due to the 'contrib/phpBB2/modules.php' not properly sanitizing user input, specifically directory traversal style attacks (../../) supplied via the 'phpEx' variable.

Nessus® Vulnerability Scanner

Date Description
2009-04-23 Name : The remote Fedora host is missing a security update.
File : fedora_2008-11218.nasl - Type : ACT_GATHER_INFO
2008-12-15 Name : The remote Fedora host is missing a security update.
File : fedora_2008-11230.nasl - Type : ACT_GATHER_INFO
2008-12-15 Name : The remote Fedora host is missing a security update.
File : fedora_2008-11258.nasl - Type : ACT_GATHER_INFO
2008-11-11 Name : The remote Gentoo host is missing one or more security-related patches.
File : gentoo_GLSA-200811-02.nasl - Type : ACT_GATHER_INFO

Alert History

Date Information
2014-02-17 11:36:07
  • Multiple Updates