[linux-security] gallery remote exploit (Debian)



Topic
=====
remote exploit in gallery

Problem Description
===================
A problem was found in gallery (a web-based photo album toolkit): it
was possible to pass in the GALLERY_BASEDIR variable remotely. This
made it possible to execute commands under the uid of the web server.

Affected Systems
================
Webservers that have the gallery package installed.
To my knowledge only Debian 3.0 (woody) is affected.

Not Affected
============
RedHat, SuSE, Mandrake

Solution
========
Debian 3.0 (woody)
------------------
Upgrade to gallery_1.2.5-7.woody.0_all.deb
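
Added example (not part of the original advisory): a log check for requests that supply the GALLERY_BASEDIR variable described under Problem Description. It assumes Common Log Format access logs, so only query-string parameters are visible; the paths, addresses and values in SAMPLE_LOG are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a Common Log Format entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')
WATCHED = "gallery_basedir"  # variable named in the advisory; compared case-insensitively

# Constructed sample entries (documentation addresses, hypothetical paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2000:00:00:01 +0000] "GET /photos/page.php?album=1 HTTP/1.0" 200 512',
    '192.0.2.77 - - [01/Jan/2000:00:00:02 +0000] "GET /photos/page.php?GALLERY_BASEDIR=PLACEHOLDER HTTP/1.0" 200 87',
    '192.0.2.78 - - [01/Jan/2000:00:00:03 +0000] "GET /photos/page.php?a=1&%47ALLERY_BASEDIR%5B%5D=PLACEHOLDER HTTP/1.0" 200 87',
    '192.0.2.10 - - [01/Jan/2000:00:00:04 +0000] "GET /photos/page.php?note=GALLERY_BASEDIR HTTP/1.0" 200 512',
]


def supplied_basedir(target):
    """Return the values a request target supplies for GALLERY_BASEDIR."""
    query = urlsplit(target).query
    # Second pass decodes one extra layer, in case a front end decodes the
    # query once before the application parses it (assumption).
    for candidate in (query, unquote(query)):
        hits = []
        for name, value in parse_qsl(candidate, keep_blank_values=True):
            # Strip array syntax such as NAME[] or NAME[0] before comparing.
            base = name.split("[", 1)[0].strip()
            if base.lower() == WATCHED:
                hits.append(value)
        if hits:
            return hits
    return []


def scan(lines):
    """Yield (client, method, target) for each entry that sets the variable."""
    for line in lines:
        m = REQUEST_RE.search(line)
        if m and supplied_basedir(m.group("target")):
            yield line.split(" ", 1)[0], m.group("method"), m.group("target")


if __name__ == "__main__":
    for client, method, target in scan(SAMPLE_LOG):
        print(f"{client} {method} {target}")
```

The check matches on the parameter name only, so a request that merely mentions GALLERY_BASEDIR in a value is not flagged.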