GLSA-200811-02 : Gallery: Multiple vulnerabilities

medium Nessus Plugin ID 34733

Synopsis

The remote Gentoo host is missing one or more security-related patches.

Description

The remote host is affected by the vulnerability described in GLSA-200811-02 (Gallery: Multiple vulnerabilities)

Multiple vulnerabilities have been discovered in Gallery 1 and 2:
Digital Security Research Group reported a directory traversal vulnerability in contrib/phpBB2/modules.php in Gallery 1, when register_globals is enabled (CVE-2008-3600).
Hanno Boeck reported that Gallery 1 and 2 did not set the secure flag for the session cookie in an HTTPS session (CVE-2008-3662).
Alex Ustinov reported that Gallery 1 and 2 do not properly handle ZIP archives containing symbolic links (CVE-2008-4129).
The vendor reported a Cross-Site Scripting vulnerability in Gallery 2 (CVE-2008-4130).

Impact:

Remote attackers could send specially crafted requests to a server running Gallery, allowing for the execution of arbitrary code when register_globals is enabled, or the reading of arbitrary files via directory traversal otherwise. Attackers could also entice users to visit crafted links, allowing for theft of login credentials.

Workaround:

There is no known workaround at this time.

Solution

All Gallery 2 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/gallery-2.2.6'

All Gallery 1 users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/gallery-1.5.9'

See Also

https://security.gentoo.org/glsa/200811-02

Plugin Details

Severity: Medium

ID: 34733

File Name: gentoo_GLSA-200811-02.nasl

Version: 1.17

Type: local

Published: 11/11/2008

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:gentoo:linux:gallery, cpe:/o:gentoo:linux

Required KB Items: Host/local_checks_enabled, Host/Gentoo/release, Host/Gentoo/qpkg-list

Exploit Ease: No known exploits are available

Patch Publication Date: 11/9/2008

Reference Information

CVE: CVE-2008-3600, CVE-2008-3662, CVE-2008-4129, CVE-2008-4130

BID: 31231

CWE: 22, 310, 79

GLSA: 200811-02