Gentoo Local Security Checks : Gentoo Security Advisory GLSA 200811-02 (gallery)

Búsqueda de Vulnerabilidad		Buscar 219043 Descripciones CVE y 99761 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.61857

Categoría: Gentoo Local Security Checks

Título: Gentoo Security Advisory GLSA 200811-02 (gallery)

Resumen: NOSUMMARY

Descripción: Description:
The remote host is missing updates announced in
advisory GLSA 200811-02.

Multiple vulnerabilities in Gallery may lead to execution of arbitrary
code, disclosure of local files or theft of user's credentials.

Solution:
All Gallery 2 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/gallery-2.2.6'

All Gallery 1 users should upgrade to the latest version:

# emerge --sync
# emerge --ask --oneshot --verbose '>=www-apps/gallery-1.5.9'

http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200811-02
http://bugs.gentoo.org/show_bug.cgi?id=234137
http://bugs.gentoo.org/show_bug.cgi?id=238113

CVSS Score:
6.8

CVSS Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2008-3600
Bugtraq: 20080808 [DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha3 (Google Search)
http://www.securityfocus.com/archive/1/495284/100/0/threaded
https://www.exploit-db.com/exploits/6222
http://security.gentoo.org/glsa/glsa-200811-02.xml
http://secunia.com/advisories/32662
http://securityreason.com/securityalert/4142
XForce ISS Database: gallery-modules-file-include(44373)
https://exchange.xforce.ibmcloud.com/vulnerabilities/44373
Common Vulnerability Exposure (CVE) ID: CVE-2008-3662
BugTraq ID: 31231
http://www.securityfocus.com/bid/31231
Bugtraq: 20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662 (Google Search)
http://www.securityfocus.com/archive/1/496509/100/0/threaded
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html
http://seclists.org/fulldisclosure/2008/Sep/0379.html
http://int21.de/cve/CVE-2008-3662-gallery.html
http://secunia.com/advisories/33144
Common Vulnerability Exposure (CVE) ID: CVE-2008-4129
http://secunia.com/advisories/31912
XForce ISS Database: gallery-ziparchives-information-disclosure(45228)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45228
Common Vulnerability Exposure (CVE) ID: CVE-2008-4130
http://secunia.com/advisories/31858
XForce ISS Database: gallery-flashanimations-xss(45227)
https://exchange.xforce.ibmcloud.com/vulnerabilities/45227

Copyright Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com

Esta es sólo una de 99761 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.61857
Categoría:	Gentoo Local Security Checks
Título:	Gentoo Security Advisory GLSA 200811-02 (gallery)
Resumen:	NOSUMMARY
Descripción:	Description: The remote host is missing updates announced in advisory GLSA 200811-02. Multiple vulnerabilities in Gallery may lead to execution of arbitrary code, disclosure of local files or theft of user's credentials. Solution: All Gallery 2 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/gallery-2.2.6' All Gallery 1 users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=www-apps/gallery-1.5.9' http://www.securityspace.com/smysecure/catid.html?in=GLSA%20200811-02 http://bugs.gentoo.org/show_bug.cgi?id=234137 http://bugs.gentoo.org/show_bug.cgi?id=238113 CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2008-3600 Bugtraq: 20080808 [DSECRG-08-035] Local File Include Vulnerability in Gallery 1.5.7, 1.6-alpha3 (Google Search) http://www.securityfocus.com/archive/1/495284/100/0/threaded https://www.exploit-db.com/exploits/6222 http://security.gentoo.org/glsa/glsa-200811-02.xml http://secunia.com/advisories/32662 http://securityreason.com/securityalert/4142 XForce ISS Database: gallery-modules-file-include(44373) https://exchange.xforce.ibmcloud.com/vulnerabilities/44373 Common Vulnerability Exposure (CVE) ID: CVE-2008-3662 BugTraq ID: 31231 http://www.securityfocus.com/bid/31231 Bugtraq: 20080918 menalto gallery: Session hijacking vulnerability, CVE-2008-3662 (Google Search) http://www.securityfocus.com/archive/1/496509/100/0/threaded https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html http://seclists.org/fulldisclosure/2008/Sep/0379.html http://int21.de/cve/CVE-2008-3662-gallery.html http://secunia.com/advisories/33144 Common Vulnerability Exposure (CVE) ID: CVE-2008-4129 http://secunia.com/advisories/31912 XForce ISS Database: gallery-ziparchives-information-disclosure(45228) https://exchange.xforce.ibmcloud.com/vulnerabilities/45228 Common Vulnerability Exposure (CVE) ID: CVE-2008-4130 http://secunia.com/advisories/31858 XForce ISS Database: gallery-flashanimations-xss(45227) https://exchange.xforce.ibmcloud.com/vulnerabilities/45227
Copyright	Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com