258665 – <www-apps/coppermine-1.4.20 Remote PHP File Upload

Bug 258665 - <www-apps/coppermine-1.4.20 Remote PHP File Upload

Summary: <www-apps/coppermine-1.4.20 Remote PHP File Upload

Status:	RESOLVED FIXED

Alias:	None

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High trivial (vote)
Assignee:	Gentoo Security

URL:	http://milw0rm.org/exploits/7909
Whiteboard:	~1 [noglsa]
Keywords:

Depends on:	268186
Blocks:
	Show dependency tree

Reported:	2009-02-12 00:28 UTC by Robert Buchholz (RETIRED)
Modified:	2009-06-11 18:44 UTC (History)
CC List:	1 user (show)

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2009-02-12 00:28:24 UTC

Remote and local file copy vulnerability.

I'm not sure if this is being coordinated upstream.

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2009-02-23 22:37:22 UTC

Fix available: http://forum.coppermine-gallery.net/index.php/topic,57882.0.html
Remote code exec would be ~1, re-rating.

Comment 2 Robert Buchholz (RETIRED) gentoo-dev

2009-02-24 10:13:17 UTC

aka fixed in 1.4.20.

Comment 3 Alex Legler (RETIRED) archtester

2009-06-11 18:44:12 UTC

+*coppermine-1.4.24 (11 Jun 2009)
+
+  11 Jun 2009; Alex Legler <a3li@gentoo.org> -coppermine-1.4.19.ebuild,
+  +coppermine-1.4.24.ebuild:
+  Non-Maintainer commit: Version bump to fix security bugs 261180, 258665,
+  268186 and 273758.
+