Date: 25 September 2008
===========================================================================
AA-2008.0206 AUSCERT Advisory
[Win][UNIX/Linux]
Gallery packages released correcting multiple vulnerabilities
25 September 2008
---------------------------------------------------------------------------
AusCERT Advisory Summary
------------------------
Product:              Gallery versions prior to 2.2.6
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact:               Read-only Data Access
                      Access Privileged Data
                      Cross-site Scripting
Access:               Remote/Unauthenticated
CVE Names:            CVE-2008-4130 CVE-2008-4139 CVE-2008-3662
Member content until: Wednesday, October 22 2008
Original Bulletin:    http://gallery.menalto.com/gallery_2.2.6_released
Revision History:     September 25 2008: Corrected CVE Names
                      September 24 2008: Initial Release
OVERVIEW:
Gallery is an open source web based photo album organizer. Gallery
versions prior to 2.2.6 contain several security vulnerabilities.
IMPACT:
According to the announcement [1], versions of Gallery prior to
2.2.6 contain the following vulnerabilities:
o CVE-2008-4129: "arbitrary file disclosure through archive upload
  module - Users with 'add item' permission could retrieve any file
  on the server that is owned by the web server account. The
  problem is caused by incorrect handling of ZIP archives that
  contain symbolic links."
o CVE-2008-3662: "Insecure cookies over HTTPS - When accessing
  Gallery over HTTPS, cookies were missing the "secure" flag,
  leaving the connection vulnerable to cookie sniffing attacks."
o CVE-2008-4130: "XSS through malicious Flash files - Flash
  animations that are embedded in Gallery are no longer allowed to
  interact with the embedding page and are no longer allowed to
  open network connections."
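Added example (not part of the AusCERT advisory or of the Gallery code): one way a site that accepts archive uploads can check for the condition behind CVE-2008-4129, by listing ZIP members stored as symbolic links and rejecting the archive before any extractor handles it. The function names and the sample archive are constructed for illustration; the check assumes a Unix-created archive, where the file mode sits in the upper 16 bits of each member's external attributes.

```python
import io
import stat
import zipfile


def symlink_entries(zip_bytes):
    """Return (member name, link target) for every member stored as a symlink."""
    found = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            # Unix-created archives keep st_mode in the top 16 bits of external_attr.
            mode = info.external_attr >> 16
            if not stat.S_ISLNK(mode):
                continue
            # For a symlink member the stored "file data" is the link target.
            # Cap the read so an oversized member cannot exhaust memory.
            if info.file_size <= 4096:
                target = zf.read(info).decode("utf-8", "replace")
            else:
                target = "<oversized>"
            found.append((info.filename, target))
    return found


def vet_upload(zip_bytes):
    """Raise ValueError if the archive holds any symlink; else return member names."""
    links = symlink_entries(zip_bytes)
    if links:
        names = ", ".join(name for name, _ in links)
        raise ValueError(f"archive rejected, symlink members: {names}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        return zf.namelist()


def build_zip(with_symlink):
    """Build a constructed sample archive in memory (not taken from the advisory)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("album/photo1.jpg", b"constructed image bytes")
        if with_symlink:
            link = zipfile.ZipInfo("album/photo2.jpg")
            link.create_system = 3  # 3 = Unix
            link.external_attr = (stat.S_IFLNK | 0o777) << 16
            zf.writestr(link, "/constructed/path/outside/upload/dir")
    return buf.getvalue()


if __name__ == "__main__":
    print(vet_upload(build_zip(False)))
    print(symlink_entries(build_zip(True)))
```

Logging the recorded link target alongside the rejection gives responders a record of which server path an upload was pointing at.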
MITIGATION:
Gallery version 2.2.6 has been released to correct these
vulnerabilities and can be obtained from the Gallery web site [2].
Regarding CVE-2008-4130, the Gallery security advisory also states:
"While this protects visitors of your Gallery from potentially
malicious Flash animations, the Gallery team would like to use this
opportunity to remind you that it is generally highly recommended to
only allow trusted users to add any files to your Gallery."
REFERENCES:
[1] Gallery 2.2.6 Security Fix Release
http://gallery.menalto.com/gallery_2.2.6_released
[2] Gallery2:Download
http://codex.gallery2.org/Gallery2:Download#Packages
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
If you believe that your computer system has been compromised or attacked in
any way, we encourage you to let us know by completing the secure National IT
Incident Reporting Form at:
http://www.auscert.org.au/render.html?it=3192
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================