This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.
The remote Gentoo host is missing one or more security-related
The remote host is affected by the vulnerability described in GLSA-200409-05
(Gallery: Arbitrary command execution)
The upload handling code in Gallery places uploaded files in a
temporary directory. After 30 seconds, these files are deleted if they
are not valid images. However, since the file exists for 30 seconds, a
carefully crafted script could be initiated by the remote attacker
during this 30 second timeout. Note that the temporary directory has to
be located inside the webroot and an attacker needs to have upload
rights either as an authenticated user or via 'EVERYBODY'.
An attacker could run arbitrary code as the user running PHP.
There are several workarounds to this vulnerability:
Make sure that your temporary directory is not contained in the
by default it is located outside the webroot.
Disable upload rights to all albums for 'EVERYBODY'
disabled by default.
Disable debug and dev mode
these settings are disabled by
Disable allow_url_fopen in php.ini.
See also :
All Gallery users should upgrade to the latest version:
# emerge sync
# emerge -pv '>=www-apps/gallery-1.4.4_p2'
# emerge '>=www-apps/gallery-1.4.4_p2'
Risk factor :
High / CVSS Base Score : 7.5
Family: Gentoo Local Security Checks
Nessus Plugin ID: 14652 (gentoo_GLSA-200409-05.nasl)
CVE ID: CVE-2004-1466
Upgrade to Nessus Professional today!
Start your free Nessus Cloud trial now!
Begin Free Trial
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.