SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Multimedia)  >   Gallery Vendors:   Gallery Project
(Debian Issues Fix) Gallery Input Validation Hole in Search Feature Permits Cross-Site Scripting Attacks
SecurityTracker Alert ID:  1007345
SecurityTracker URL:  http://securitytracker.com/id/1007345
CVE Reference:   CVE-2003-0614   (Links to External Site)
Date:  Jul 31 2003
Impact:   Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 1.1 to 1.3.4
Description:   An input validation vulnerability was reported in Gallery. A remote user can conduct cross-site scripting attacks.

It is reported that the software does not properly filter HTML code from user-supplied input in the caption/description search feature. A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be executed by the target user's browser. The code will originate from the site running the Gallery software and will run in the security context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies), if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.

As a demonstration exploit, you can search for the following string:

<script>alert("You are vulnerable")</script>

The vendor reports that the flaw is due to a typographical error in the security code.

The vendor credits Larry Nguyen with reporting the flaw.

Impact:   A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the Gallery software, access data recently submitted by the target user via web form to the site, or take actions on the site acting as the target user.
Solution:   Debian has released a fix for the current stable distribution (woody) in version 1.25-8woody1 and for the unstable distribution (sid) in version 1.3.4-3.

Debian GNU/Linux 3.0 alias woody:

Source archives:

http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1.dsc
Size/MD5 checksum: 573 99fd36bbfc4accdb0e492af056d47805
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1.diff.gz
Size/MD5 checksum: 7333 0e28ce3c9aafc9c4fb33f857614a7721
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz
Size/MD5 checksum: 132099 1a32e57b36ca06d22475938e1e1b19f9

Architecture independent components:

http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1_all.deb
Size/MD5 checksum: 132574 d9120f1f49aed1e314410f40aa9573f1

Vendor URL:  gallery.sourceforge.net/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Debian)
Underlying OS Comments:  3.0

Message History:   This archive entry is a follow-up to the message listed below.
Jul 28 2003 Gallery Input Validation Hole in Search Feature Permits Cross-Site Scripting Attacks



 Source Message Contents

Subject:  [SECURITY] [DSA-355-1] New gallery packages fix cross-site scripting



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 355-1                     security@debian.org
http://www.debian.org/security/                             Matt Zimmerman
July 30th, 2003                         http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gallery
Vulnerability  : cross-site scripting
Problem-Type   : remote
Debian-specific: no
CVE Ids        : CAN-2003-0614

Larry Nguyen discovered a cross site scripting vulnerability in gallery,
a web-based photo album written in php.  This security flaw can allow a
malicious user to craft a URL that executes Javascript code on your
website.

For the current stable distribution (woody) this problem has been fixed
in version 1.25-8woody1.

For the unstable distribution (sid) this problem has been fixed in
version 1.3.4-3.

We recommend that you update your gallery package.

Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.

Debian GNU/Linux 3.0 alias woody
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1.dsc
      Size/MD5 checksum:      573 99fd36bbfc4accdb0e492af056d47805
    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1.diff.gz
      Size/MD5 checksum:     7333 0e28ce3c9aafc9c4fb33f857614a7721
    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz
      Size/MD5 checksum:   132099 1a32e57b36ca06d22475938e1e1b19f9

  Architecture independent components:

    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1_all.deb
      Size/MD5 checksum:   132574 d9120f1f49aed1e314410f40aa9573f1

  These files will probably be moved into the stable distribution on
  its next revision.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)

iD8DBQE/KFN7ArxCt0PiXR4RAisfAJ4xIx5EnEjPeJxaY/IF//rYge8ZYQCeLK9s
y2L2odV/uXxq85bD7xmnAJw=
=icsM
-----END PGP SIGNATURE-----


-- 
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org


 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2019, SecurityGlobal.net LLC