Posted on: 12/09/03 05:12pm
By: Anonymous (Jason)
As detailed in this article, http://www.securityfocus.com/guest/24043, Geeklog and/or Gallery can be used to compromise a host. I personally used my own server to test the problem. I was able to write arbitrary data to /tmp, cat the /etc/passwd file, and do anything the "nobody" or "www" user could do on a host.
Maybe this has been addressed in a recent release of Geeklog or Gallery integration, but I'm running geeklog-1.3.8-1sr2 and Gallery integration gallery_1.3.4-pl1_1.3.8.tar.gz. I think those are recent.
It's possible this is just a problem in the Gallery integration (that's where I tested it) but I would imagine any improperly set variable like this (variables used in an include) could cause the same problem.
Thought I should bring it up, in case it hasn't been pointed out or discussed.