Fedora 17 : gallery3-3.0.8-1.fc17 (2013-10168)

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

A security flaw was found in the way the uploadify and flowplayer SWF
file handling functionality of Gallery version 3 (an open source
project with the goal of developing and supporting leading photo sharing
web application solutions) processed certain URL fragments passed to
these files: certain URL fragments were not stripped properly when these
files were called via direct URL request(s). A remote attacker could
use this flaw to conduct replay attacks.

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://galleryproject.org/gallery_3_0_8
http://sourceforge.net/apps/trac/gallery/ticket/2068
http://sourceforge.net/apps/trac/gallery/ticket/2070
http://sourceforge.net/mailarchive/message.php?msg_id=30925931
http://www.nessus.org/u?efe01ba5
http://www.nessus.org/u?3bf624a4
http://www.nessus.org/u?e882c067
http://www.nessus.org/u?b53f03a4

Solution :

Update the affected gallery3 package.

Risk factor :

Medium / CVSS Base Score : 5.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.0
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 67271

Bugtraq ID: 60313

CVE ID:
