Gallery GALLERY_BASEDIR PHP file include

gallery-gallerybasedir-file-include (14950)

Medium Risk

Description:

Gallery could allow a remote attacker to include malicious PHP files, caused by a vulnerability in the GALLERY_BASEDIR parameter. A remote attacker could send a specially-crafted URL request to a vulnerable system using the GALLERY_BASEDIR variable to specify a malicious PHP file from a remote or local system as a parameter, which would allow the attacker to execute code on the vulnerable Web server.

Platforms Affected:

• Gallery, Gallery 1.3.1
• Gallery, Gallery 1.3.2
• Gallery, Gallery 1.3.3
• Gallery, Gallery 1.4
• Gallery, Gallery 1.4.1
• Gentoo, Linux

Remedy:

Upgrade to the latest version of Gallery (1.4.2-RC1 or later), available from the Gallery Web site. See References.

For Gentoo Linux:
Upgrade to the latest version of gallery (1.4.1_p1 or later), as listed in Gentoo Linux Security Announcement 200402-04. See References.

For other distributions:
Contact your vendor for upgrade or patch information.

Consequences:

Gain Access

References:

• Gallery Web site, Gallery :: your photos on your website at http://gallery.menalto.com/modules.php?op=modload&name=News&file=index.
• Gentoo Linux Security Announcement 200402-04, Gallery <= 1.4.1 remote exploit vulnerability at http://www.linuxsecurity.com/content/view/105724/104/. (From LinuxSecurity archive)
• BID-9490: Gallery Remote Global Variable Injection Vulnerability
• CVE-2004-2124: The register_globals simulation capability in Gallery 1.3.1 through 1.4.1 allows remote attackers to modify the HTTP_POST_VARS variable and conduct a PHP remote file inclusion attack via the GALLERY_BASEDIR parameter, a different vulnerability than CVE-2002-1412.
• OSVDB ID: 3737: Gallery HTTP Global Variables File Inclusion
• SA10712: Gallery Arbitrary File Inclusion Vulnerability

Reported:

Jan 26, 2004

The information within this database may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the author/distributor (Internet Security Systems X-Force) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.

Copyright (c) 1994-2008 Internet Security Systems, Inc. All rights reserved worldwide.

For corrections or additions please email xforce@iss.net

Return to the main page