249277 – (CVE-2008-5296) www-apps/gallery <1.5.10 Cookie Handling Security Bypass Vulnerability (CVE-2008-5296)

Bug 249277 (CVE-2008-5296) - www-apps/gallery <1.5.10 Cookie Handling Security Bypass Vulnerability (CVE-2008-5296)

Summary: www-apps/gallery <1.5.10 Cookie Handling Security Bypass Vulnerability (CVE-2...

Status:	RESOLVED FIXED

Alias:	CVE-2008-5296

Product:	Gentoo Security
Classification:	Unclassified
Component:	Vulnerabilities (show other bugs)
Hardware:	All Linux

Importance:	High minor (vote)
Assignee:	Gentoo Security

URL:	http://secunia.com/advisories/32817/
Whiteboard:	B3 [noglsa]
Keywords:

Depends on:
Blocks:

Reported:	2008-11-29 17:16 UTC by Robert Buchholz (RETIRED)
Modified:	2009-01-08 23:52 UTC (History)
CC List:	0 users

See Also:
Package list:
Runtime testing required:	---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Robert Buchholz (RETIRED) gentoo-dev

2008-11-29 17:16:36 UTC

Secunia wrote:

A vulnerability has been reported in Gallery, which can be exploited
by malicious people to bypass certain security restrictions.

The vulnerability is caused due to an unspecified error when handling
certain cookies, which can be exploited to gain administrative access
to the application.

Successful exploitation requires that "register_globals" is enabled.

The vulnerability is reported in Gallery 1.x versions  1.5.8-svn-b34
and later.

SOLUTION:
Update to version 1.5.10.

PROVIDED AND/OR DISCOVERED BY:
The vendor credits John Hisdock.

ORIGINAL ADVISORY:
http://gallery.menalto.com/last_official_G1_releases

Comment 1 Gunnar Wrobel (RETIRED) gentoo-dev

2008-12-03 17:30:47 UTC

www-apps/gallery-1.5.10 is in the tree.

Targets:

  alpha amd64 hppa ppc sparc x86

Comment 2 Raúl Porcel (RETIRED) gentoo-dev

2008-12-05 09:38:17 UTC

alpha/sparc/x86 stable

Comment 3 Jeroen Roovers (RETIRED) gentoo-dev

2008-12-06 18:11:45 UTC

Stable for HPPA.

Comment 4 Tobias Scherbaum (RETIRED) gentoo-dev

2008-12-06 18:56:55 UTC

ppc stable

Comment 5 Markus Meier gentoo-dev

2008-12-08 18:48:34 UTC

amd64 stable, all arches done.

Comment 6 Stefan Behte (RETIRED) gentoo-dev

2008-12-09 22:34:31 UTC

Vote-ready.

Comment 7 Gunnar Wrobel (RETIRED) gentoo-dev

2008-12-28 21:04:52 UTC

Removed vulnerable www-apps/gallery-1.5.9. webapps done

Comment 8 Stefan Behte (RETIRED) gentoo-dev

2009-01-05 22:10:13 UTC

As I may vote now, I vote YES.

Comment 9 Robert Buchholz (RETIRED) gentoo-dev

2009-01-06 22:31:08 UTC

This is with register_globals enabled only, so I would vote NO. That feature alone is a vulnerability and I do not think we should deal with these issues.

Comment 10 Stefan Behte (RETIRED) gentoo-dev

2009-01-08 23:52:56 UTC

I thought again and and reviewed the isse, as register_globals is off by default now, I have changed my mind, I categorized the serverity wrong, this is not worth a GLSA.

Sorry for this, next time I will have a deeper look into it in the beginning.