FreeBSD : gallery2 -- multiple vulnerabilities (4aab7bcd-b294-11dc-a6f0-00a0cce0781e)

This script is Copyright (C) 2007-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

The Gallery team reports :

Gallery 2.2.4 addresses the following security vulnerabilities :

- Publish XP module - Fixed unauthorized album creation and file
uploads.

- URL rewrite module - Fixed local file inclusion vulnerability in
unsecured admin controller and information disclosure in hotlink
protection.

- Core / add-item modules - Fixed Cross Site Scripting (XSS)
vulnerabilities through malicious file names.

- Installation (Gallery application) - Update web-accessibility
protection of the storage folder for Apache 2.2.

- Core (Gallery application) / MIME module - Fixed vulnerability in
checks for disallowed file extensions in file uploads.

- Gallery Remote module - Added missing permissions checks for some GR
commands.

- WebDAV module - Fixed Cross Site Scripting (XSS) vulnerability
through HTTP PROPPATCH.

- WebDAV module - Fixed information (item data) disclosure in a WebDAV
view.

- Comment module - Fixed information (item data) disclosure in comment
views.

- Core module (Gallery application) - Improved resilience against item
information disclosure attacks.

- Slideshow module - Fixed information (item data) disclosure in the
slideshow.

- Print modules - Fixed information (item data) disclosure in several
print modules.

- Core / print modules - Fixed arbitrary URL redirection (phishing
attacks) in the core module and several print modules.

- WebCam module - Fixed proxied request weakness.

See also :

http://gallery.menalto.com/gallery_2.2.4_released
http://www.nessus.org/u?cd2f1398

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 29796 (freebsd_pkg_4aab7bcdb29411dca6f000a0cce0781e.nasl)

Bugtraq ID:

CVE ID: CVE-2007-6685
CVE-2007-6686
CVE-2007-6687
CVE-2007-6689
CVE-2007-6690
CVE-2007-6692

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now