Bug 192869 - <=www-apps/coppermine-1.4.12 Cross Site Scripting and Local File Inclusion (CVE-2007-497[67])
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: High minor
Assignee: Gentoo Security
URL: http://www.securityfocus.com/archive/...
Whiteboard: ~4 [noglsa]
Reported: 2007-09-17 22:59 UTC by Tobias Heinlein (RETIRED)
Modified: 2007-09-23 15:17 UTC
Description Tobias Heinlein (RETIRED) gentoo-dev 2007-09-17 22:59:11 UTC
Description:
Coppermine is a multi-purpose fully-featured and integrated
web picture gallery script written in PHP using GD or ImageMagick
as image library with a MySQL backend.

Vulnerabilities:
The script mode.php does not properly sanitize the "referer" parameter.
The script viewlog.php does not properly sanitize the "log" parameter.

Poc/Exploit:
http://localhost/cpg/mode.php?admin_mode=1&referer=javascript:alert(document.cookie)

http://localhost/cpg/viewlog.php?log=../../../../../../../../../etc/passwd%00
(should need admin privileges)

Solution:
Update to 1.4.13 or above
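
An added example, not part of the original report or of Coppermine's code: a scan of web access logs for requests matching the two unsanitized parameters described above. The log lines, client addresses, the "example.log" name and the function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample access-log lines (not real traffic).
SAMPLE_LOG = [
    '192.0.2.5 - - [18/Sep/2007:04:00:01 +0000] "GET /cpg/mode.php?admin_mode=1&referer=index.php HTTP/1.1" 302 0',
    '192.0.2.6 - - [18/Sep/2007:04:05:12 +0000] "GET /cpg/mode.php?admin_mode=1&referer=javascript:alert(document.cookie) HTTP/1.1" 200 512',
    '192.0.2.5 - - [18/Sep/2007:04:06:40 +0000] "GET /cpg/viewlog.php?log=example.log HTTP/1.1" 200 2048',
    '192.0.2.7 - - [18/Sep/2007:04:10:00 +0000] "GET /cpg/viewlog.php?log=../../../etc/passwd%00 HTTP/1.1" 200 900',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def flag(line):
    """Return a reason string if the request matches either pattern, else None."""
    m = REQUEST.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    params = parse_qs(url.query)  # percent-decodes once, so %00 becomes "\x00"
    if url.path.endswith("/mode.php"):
        for value in params.get("referer", []):
            # A redirect target should be relative or plain http(s).
            scheme = urlsplit(value.strip()).scheme.lower()
            if scheme not in ("", "http", "https"):
                return f"mode.php referer uses scheme {scheme!r}"
    if url.path.endswith("/viewlog.php"):
        for value in params.get("log", []):
            # A log name should be a bare file name: no NUL, no directories.
            if "\x00" in value:
                return "viewlog.php log contains a NUL byte"
            if ".." in value or "/" in value or "\\" in value:
                return "viewlog.php log contains path components"
    return None

def scan(lines):
    """Return (line_number, reason) for every flagged line."""
    return [(n, reason) for n, line in enumerate(lines, 1) if (reason := flag(line))]

if __name__ == "__main__":
    for n, reason in scan(SAMPLE_LOG):
        print(f"line {n}: {reason}")
```

The same two conditions (scheme allow-list for "referer", bare file name for "log") are what server-side validation of these parameters would enforce.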
Comment 1 Tobias Heinlein (RETIRED) gentoo-dev 2007-09-17 23:01:17 UTC
Setting whiteboard status and CC'ing maintainer.
Comment 2 Gunnar Wrobel (RETIRED) gentoo-dev 2007-09-18 04:21:15 UTC
Thanks for the note! Added coppermine-1.4.13 to the tree. Removed insecure versions. App unstable on all arches, no stabilization required. Web-apps is done here.
Comment 3 Tobias Heinlein (RETIRED) gentoo-dev 2007-09-18 07:10:20 UTC
No stabilization and no GLSA required here, closing.