BID:12286

Gallery Multiple Unspecified Input Validation Vulnerabilities

Info

Gallery Multiple Unspecified Input Validation Vulnerabilities

Bugtraq ID:	12286
Class:	Input Validation Error
CVE:
Remote:	Yes
Local:	No
Published:	Jan 17 2005 12:00AM
Updated:	Jan 17 2005 12:00AM
Credit:	These vulnerabilities were announced in a vendor advisory.
Vulnerable:	Gallery Gallery 1.4.4 -pl2 Gallery Gallery 1.4.3 -pl2 Gallery Gallery 1.4.3 -pl1 Gallery Gallery 1.4.2 Gallery Gallery 1.4.1 Gallery Gallery 1.4 -pl2 Gallery Gallery 1.4 -pl1 Gallery Gallery 1.4 Debian Linux 3.0 sparc Debian Linux 3.0 s/390 Debian Linux 3.0 ppc Debian Linux 3.0 mipsel Debian Linux 3.0 mips Debian Linux 3.0 m68k Debian Linux 3.0 ia-64 Debian Linux 3.0 ia-32 Debian Linux 3.0 hppa Debian Linux 3.0 arm Debian Linux 3.0 alpha

Not Vulnerable:

Discussion

Gallery Multiple Unspecified Input Validation Vulnerabilities

Gallery is reported prone to multiple unspecified remote input validation vulnerabilities. It is reported that multiple instances of insufficient sanitization performed on Gallery variables were fixed; reports indicate that these issues may be exploited to disclose Gallery passwords contained in the Gallery database.

Exploit / POC

Gallery Multiple Unspecified Input Validation Vulnerabilities

Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

Solution / Fix

Gallery Multiple Unspecified Input Validation Vulnerabilities

Solution:
Debian has released an advisory (DSA 642-1) and fixes that address these and other issues in gallery. Please see the referenced advisory for further information regarding obtaining and applying appropriate updates.

Debian Linux 3.0 s/390