Welcome to Geeklog, Anonymous Thursday, September 28 2023 @ 04:13 am EDT
Geeklog Forums
Geeklog / Gallery vulnerability
Jason
Anonymous

As detailed in this article,
http://www.securityfocus.com/guest/24043
Geeklog and/or Gallery can be used to compomise a host. I personally used my own server to test the problem. I was able to write arbitrary data to /tmp, cat the /etc/passwd file, and do anything the "nobody" or "www" user could do on a host.
Maybe this has been addressed in a recent release of Geeklog or Gallery integration, but I'm running geeklog-1.3.8-1sr2 and Gallery integration gallery_1.3.4-pl1_1.3.8.tar.gz. I think those are recent.
It's possible this is just a problem in the Gallery integration (that's where I tested it) but I would imagine any improperly set variable like this (variables used in an include) could cause the same problem.
Thought I should bring it up, in case it hasn't been pointed out or discussed.
http://www.securityfocus.com/guest/24043
Geeklog and/or Gallery can be used to compomise a host. I personally used my own server to test the problem. I was able to write arbitrary data to /tmp, cat the /etc/passwd file, and do anything the "nobody" or "www" user could do on a host.
Maybe this has been addressed in a recent release of Geeklog or Gallery integration, but I'm running geeklog-1.3.8-1sr2 and Gallery integration gallery_1.3.4-pl1_1.3.8.tar.gz. I think those are recent.
It's possible this is just a problem in the Gallery integration (that's where I tested it) but I would imagine any improperly set variable like this (variables used in an include) could cause the same problem.
Thought I should bring it up, in case it hasn't been pointed out or discussed.
8
12
Quote
All times are EDT. The time is now 04:13 am.
- Normal Topic
- Sticky Topic
- Locked Topic
- New Post
- Sticky Topic W/ New Post
- Locked Topic W/ New Post
- View Anonymous Posts
- Able to post
- Filtered HTML Allowed
- Censored Content