FreeBSD : gallery2 -- file disclosure vulnerability (47bdabcf-3cf9-11da-baa2-0004614cc33d)

This script is Copyright (C) 2006-2015 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Michael Dipper wrote :

A vulnerability has been discovered in gallery, which allows remote
users unauthorized access to files on the webserver.

A remote user accessing gallery over the web may use specially crafted
HTTP parameters to access arbitrary files located on the webserver.
All files readable by the webserver process are subject to disclosure.
The vulnerability is *not* restricted to the webserver's document root
but extends to the whole server file space.

The vulnerability may be used by any anonymous user; there is no login
to the application required.

See also :

http://dipper.info/security/20051012/
http://www.nessus.org/u?6655ba1e

Solution :

Update the affected package.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.6
(CVSS2#E:H/RL:OF/RC:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21424 (freebsd_pkg_47bdabcf3cf911dabaa20004614cc33d.nasl)

Bugtraq ID: 15108

CVE ID: CVE-2005-3251
