Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 4.0
CVE Id: CVE-2008-4129
Last Modified: 19 Aug 2009 01:19:26
Published: 18 Sep 2008 04:00:00
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: SINGLE_INSTANCE

CVE-2008-4129

Summary

Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.

Vulnerable Systems

Application

  • Gallery 1.5.8

  • Gallery 2.2.0

  • Gallery 2.2.1

  • Gallery 2.2.2

  • Gallery 2.2.3

  • Gallery 2.2.4

  • Gallery 2.2.5


References

BID - 31231

CONFIRM - http://gallery.menalto.com/gallery_2.2.6_released

CONFIRM - http://gallery.menalto.com/gallery_1.5.9_released

FEDORA - FEDORA-2008-11258

FEDORA - FEDORA-2008-11230

XF - gallery-ziparchives-information-disclosure(45228)

GENTOO - GLSA-200811-02

SECUNIA - 33144

SECUNIA - 32662

SECUNIA - 31912


Last Updated: 27 May 2016 10:48:24