Secunia Logo
Netsikker nu! 2008
 
Gallery Multiple Vulnerabilities
Secunia Advisory: SA28163
Release Date: 2007-12-26
Last Update: 2008-01-24
Popularity: 4,174 views

Critical:
Highly critical
Impact: Security Bypass
Cross Site Scripting
Exposure of sensitive information
System access
Where: From remote
Solution Status: Vendor Patch

Software:Gallery 2.x

Subscribe: Instant alerts on relevant vulnerabilities

CVE reference:CVE-2007-6685
CVE-2007-6686
CVE-2007-6687
CVE-2007-6688
CVE-2007-6689
CVE-2007-6690
CVE-2007-6691
CVE-2007-6692
CVE-2007-6693


Description:
Some vulnerabilities and a weakness have been reported in Gallery, where some have unspecified impacts and others can be exploited by malicious users or malicious people to disclose sensitive information, conduct cross-site scripting attacks, bypass certain security restrictions, and potentially compromise a vulnerable system.

1) An unspecified error within the Publish XP module can be exploited to create and upload files without proper authorisation.

2) An unspecified error within the admin controller of the URL rewrite module can be exploited to include local files.

3) Input passed via file names within the core and add-item modules is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

4) An unspecified vulnerability exists within the file extension check of uploaded files in the Core (Gallery application) / MIME module.

5) The Gallery Remote module does not properly verify the permissions for certain GR commands.

6) Certain input passed via HTTP PROPPATCH to the WebDAV module is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

7) Unspecified errors within the WebDAV view of the WebDAV module, the comment view of the Comment module, the Print modules, the hotlink protection of the URL rewrite module, and the slideshows of the Slideshow module can be exploited to disclose potentially sensitive information.

Note: In version 2.2.4, the Core module contains enhanced information disclosure protection and includes a fix for an unspecified redirection weakness.

8) An unspecified weakness related to proxied request exists within the WebCam module.

The vulnerabilities were reported in versions prior to 2.2.4.

Solution:
Update to version 2.2.4.

Provided and/or discovered by:
Reported by the vendor.

Changelog:
2008-01-24: Added CVE reference.

Original Advisory:
http://gallery.menalto.com/gallery_2.2.4_released


Track this Secunia Advisory
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.

Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.

About this Secunia Advisory
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
  
Latest Advisories

Today
New advisories: 19
New vulnerabilities: 68
Updated advisories: 62

Moderately // 250 views
Debian update for php5
Moderately // 186 views
Atarone CMS Multiple Vulnerabilities
Moderately // 217 views
Debian update for squid
Less // 221 views
SUSE update for mercurial
Moderately // 267 views
SUSE update for openssh
Less // 208 views
Fedora update for mediawiki

Solutions | More...  


Send Feedback to Secunia
If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com.

Ideas, suggestions, and other feedback are most welcome.

Most Popular - 3 Hours

1. Debian update for php5 // 62 views
2. Juniper Products Neighbor Discovery Protocol Neighbor Solicitation Vulnerability // 45 views
3. H-Sphere webshell4 Cross-Site Scripting and Request Forgery // 45 views
4. Atarone CMS Multiple Vulnerabilities // 43 views
5. Debian update for squid // 39 views
6. CMME Information Disclosure Security Issues // 39 views
7. MetaGauge Directory Traversal Vulnerability // 35 views
8. SUSE update for openssh // 33 views
9. SUSE update for mercurial // 32 views
10. HP-UX NFS/ONCplus Denial of Service Vulnerability // 31 views