(Debian Issues Fix) Gallery Input Validation Hole in Search Feature Permits Cross-Site Scripting Attacks
|
|
SecurityTracker Alert ID: 1007345
|
|
CVE Reference: CAN-2003-0614
(Links to External Site)
|
Date: Jul 31 2003
|
Impact: Disclosure of authentication information, Disclosure of user information, Execution of arbitrary code via network, Modification of user information
|
Fix Available: Yes
Vendor Confirmed: Yes
|
Version(s): 1.1 to 1.3.4
|
Description: An input validation vulnerability was reported in Gallery. A remote user can conduct cross-site scripting attacks.
It is reported that the software does not properly filter HTML code from user-supplied input in the caption/description search feature.
A remote user can create a specially crafted URL that, when loaded by a target user, will cause arbitrary scripting code to be
executed by the target user's browser. The code will originate from the site running the Gallery software and will run in the security
context of that site. As a result, the code will be able to access the target user's cookies (including authentication cookies),
if any, associated with the site, access data recently submitted by the target user via web form to the site, or take actions on
the site acting as the target user.
As a demonstration exploit, you can search for the following string:
<script>alert("You
are vulnerable")</script>
The vendor reports that the flaw is due to a typographical error in the security code.
The vendor
credits Larry Nguyen with reporting the flaw.
|
Impact: A remote user can access the target user's cookies (including authentication cookies), if any, associated with the site running the
Gallery software, access data recently submitted by the target user via web form to the site, or take actions on the site acting
as the target user.
|
Solution: Debian has released a fix for the current stable distribution (woody) in version 1.25-8woody1 and for the unstable distribution (sid)
in version 1.3.4-3.
Debian GNU/Linux 3.0 alias woody:
Source archives:
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1.dsc
Size/MD5 checksum: 573 99fd36bbfc4accdb0e492af056d47805
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1.diff.gz
Size/MD5 checksum: 7333 0e28ce3c9aafc9c4fb33f857614a7721
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz
Size/MD5 checksum: 132099 1a32e57b36ca06d22475938e1e1b19f9
Architecture independent components:
http://security.debian.org/pool/updates/main/g/gallery/
gallery_1.2.5-8woody1_all.deb
Size/MD5 checksum: 132574 d9120f1f49aed1e314410f40aa9573f1
|
Vendor URL: gallery.sourceforge.net/ (Links to External Site)
|
Cause: Input validation error
|
Underlying OS: Linux (Debian)
|
Underlying OS Comments: 3.0
|
Reported By: Matt Zimmerman <mdz@debian.org>
|
Message History:
This archive entry is a follow-up to the message listed below.
|
Source Message Contents
|
Date: Wed, 30 Jul 2003 19:24:09 -0400
From: Matt Zimmerman <mdz@debian.org>
Subject: [SECURITY] [DSA-355-1] New gallery packages fix cross-site scripting
|
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
- --------------------------------------------------------------------------
Debian Security Advisory DSA 355-1 security@debian.org
http://www.debian.org/security/ Matt Zimmerman
July 30th, 2003 http://www.debian.org/security/faq
- --------------------------------------------------------------------------
Package : gallery
Vulnerability : cross-site scripting
Problem-Type : remote
Debian-specific: no
CVE Ids : CAN-2003-0614
Larry Nguyen discovered a cross site scripting vulnerability in gallery,
a web-based photo album written in php. This security flaw can allow a
malicious user to craft a URL that executes Javascript code on your
website.
For the current stable distribution (woody) this problem has been fixed
in version 1.25-8woody1.
For the unstable distribution (sid) this problem has been fixed in
version 1.3.4-3.
We recommend that you update your gallery package.
Upgrade Instructions
- --------------------
wget url
will fetch the file for you
dpkg -i file.deb
will install the referenced file.
If you are using the apt-get package manager, use the line for
sources.list as given below:
apt-get update
will update the internal database
apt-get upgrade
will install corrected packages
You may use an automated update by adding the resources from the
footer to the proper configuration.
Debian GNU/Linux 3.0 alias woody
- --------------------------------
Source archives:
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1.dsc
Size/MD5 checksum: 573 99fd36bbfc4accdb0e492af056d47805
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1.diff.gz
Size/MD5 checksum: 7333 0e28ce3c9aafc9c4fb33f857614a7721
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5.orig.tar.gz
Size/MD5 checksum: 132099 1a32e57b36ca06d22475938e1e1b19f9
Architecture independent components:
http://security.debian.org/pool/updates/main/g/gallery/gallery_1.2.5-8woody1_all.deb
Size/MD5 checksum: 132574 d9120f1f49aed1e314410f40aa9573f1
These files will probably be moved into the stable distribution on
its next revision.
- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.2 (GNU/Linux)
iD8DBQE/KFN7ArxCt0PiXR4RAisfAJ4xIx5EnEjPeJxaY/IF//rYge8ZYQCeLK9s
y2L2odV/uXxq85bD7xmnAJw=
=icsM
-----END PGP SIGNATURE-----
--
To UNSUBSCRIBE, email to debian-security-announce-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
|
|
