ID OPENVAS:53202 Type openvas Reporter Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com Modified 2017-07-07T00:00:00
Description
The remote host is missing an update to gallery
announced via advisory DSA 512-1.
# OpenVAS Vulnerability Test
# $Id: deb_512_1.nasl 6616 2017-07-07 12:10:49Z cfischer $
# Description: Auto-generated from advisory DSA 512-1
#
# Authors:
# Thomas Reinke <reinke@securityspace.com>
#
# Copyright:
# Copyright (c) 2007 E-Soft Inc. http://www.securityspace.com
# Text descriptions are largely excerpted from the referenced
# advisory, and are Copyright (c) the respective author(s)
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2,
# as published by the Free Software Foundation
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
#
include("revisions-lib.inc");
# Advisory excerpt, registered below as the "insight" tag.
# NOTE(review): the text says no CVE candidate was available at release time,
# but the description block registers CVE-2004-0522 via script_cve_id(); the
# excerpt was not updated to mention it.
# The fixed package versions (1.2.5-8woody2 for woody, 1.4.3-pl2-1 for sid)
# appear only in this text, not in tag_solution.
tag_insight = "A vulnerability was discovered in gallery, a web-based photo album
written in php, whereby a remote attacker could gain access to the
gallery admin user without proper authentication. No CVE candidate
was available for this vulnerability at the time of release.
For the current stable distribution (woody), these problems have been
fixed in version 1.2.5-8woody2.
For the unstable distribution (sid), these problems have been fixed in
version 1.4.3-pl2-1.
We recommend that you update your gallery package.";
# One-line finding summary, registered below as the "summary" tag.
tag_summary = "The remote host is missing an update to gallery
announced via advisory DSA 512-1.";
# Registered below as the "solution" tag (solution_type "VendorFix").
# NOTE(review): this holds only a link to a third-party advisory index, so a
# report consumer who reads the solution field alone gets no package name or
# fixed version; the remediation detail is in tag_insight.
tag_solution = "https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20512-1";
# Metadata registration. When `description` is set, only this block runs:
# it declares the plugin's identity, severity and prerequisites, then exits
# before any of the check code further down is reached.
if (description)
{
  # Identity and revision bookkeeping.
  script_id(53202);
  script_cve_id("CVE-2004-0522");
  script_version("$Revision: 6616 $");
  script_tag(name:"last_modification", value:"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $");
  script_tag(name:"creation_date", value:"2008-01-17 22:45:44 +0100 (Thu, 17 Jan 2008)");

  # CVSS v2 base score and the vector it is derived from.
  script_tag(name:"cvss_base", value:"10.0");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:L/Au:N/C:C/I:C/A:C");

  script_name("Debian Security Advisory DSA 512-1 (gallery)");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com");
  script_family("Debian Local Security Checks");

  # Prerequisites: the package-list gatherer must have run and stored the
  # two ssh/login/* keys.
  # NOTE(review): presumably this means the check only produces a result on
  # scans with a working SSH login to a Debian host; confirm against
  # gather-package-list.nasl.
  script_dependencies("gather-package-list.nasl");
  script_mandatory_keys("ssh/login/debian_linux", "ssh/login/packages");

  # Report texts, taken from the tag_* variables assigned above this block.
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"summary", value:tag_summary);

  # Result quality and remediation class: the finding rests on a package
  # version comparison, and the remedy is a vendor-supplied update.
  script_tag(name:"qod_type", value:"package");
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}
#
# The script code starts here
#
include("pkg-lib-deb.inc");
# Package check: ask pkg-lib-deb.inc whether the installed "gallery" package
# on a DEB3.0 host is older than the fixed version 1.2.5-8woody2.
# Only rls "DEB3.0" is tested here; the sid version named in the advisory
# text (1.4.3-pl2-1) has no corresponding check in this script.
# NOTE(review): the result depends on the dpkg package list alone, so a copy
# of Gallery installed outside the package manager would presumably not be
# seen by this check; confirm against pkg-lib-deb.inc.
report = "";
res = "";

res = isdpkgvuln(pkg:"gallery", ver:"1.2.5-8woody2", rls:"DEB3.0");
if (res != NULL) {
  report += res;
}

if (report == "") {
  # Nothing to report. Exit code 99 is used only when __pkg_match is set
  # (a variable defined outside this file; presumably set by the include
  # when the package was found on the host).
  if (__pkg_match) {
    exit(99); # Not vulnerable.
  }
} else {
  security_message(data:report);
}
{"id": "OPENVAS:53202", "type": "openvas", "bulletinFamily": "scanner", "title": "Debian Security Advisory DSA 512-1 (gallery)", "description": "The remote host is missing an update to gallery\nannounced via advisory DSA 512-1.", "published": "2008-01-17T00:00:00", "modified": "2017-07-07T00:00:00", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=53202", "reporter": "Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com", "references": [], "cvelist": ["CVE-2004-0522"], "lastseen": "2017-07-24T12:49:52", "viewCount": 0, "enchantments": {"score": {"value": 6.9, "vector": "NONE", "modified": "2017-07-24T12:49:52", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2004-0522"]}, {"type": "nessus", "idList": ["GENTOO_GLSA-200406-10.NASL", "DEBIAN_DSA-512.NASL", "FREEBSD_PKG_253EA131BD1211D8B07100E08110B673.NASL", "FREEBSD_GALLERY_1432.NASL", "GALLERY_AUTH_BYPASS.NASL"]}, {"type": "freebsd", "idList": ["253EA131-BD12-11D8-B071-00E08110B673"]}, {"type": "osvdb", "idList": ["OSVDB:6524"]}, {"type": "gentoo", "idList": ["GLSA-200406-10"]}, {"type": "openvas", "idList": ["OPENVAS:54595", "OPENVAS:52452"]}], "modified": "2017-07-24T12:49:52", "rev": 2}, "vulnersScore": 6.9}, "pluginID": "53202", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: deb_512_1.nasl 6616 2017-07-07 12:10:49Z cfischer $\n# Description: Auto-generated from advisory DSA 512-1\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2007 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largerly excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"A vulnerability was discovered in gallery, a web-based photo album\nwritten in php, whereby a remote attacker could gain access to the\ngallery admin user without proper authentication. 
No CVE candidate\nwas available for this vulnerability at the time of release.\n\nFor the current stable distribution (woody), these problems have been\nfixed in version 1.2.5-8woody2.\n\nFor the unstable distribution (sid), these problems have been fixed in\nversion 1.4.3-pl2-1.\n\nWe recommend that you update your gallery package.\";\ntag_summary = \"The remote host is missing an update to gallery\nannounced via advisory DSA 512-1.\";\n\ntag_solution = \"https://secure1.securityspace.com/smysecure/catid.html?in=DSA%20512-1\";\n\nif(description)\n{\n script_id(53202);\n script_cve_id(\"CVE-2004-0522\");\n script_version(\"$Revision: 6616 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 14:10:49 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-01-17 22:45:44 +0100 (Thu, 17 Jan 2008)\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Debian Security Advisory DSA 512-1 (gallery)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Debian Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/debian_linux\", \"ssh/login/packages\");\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gallery\", ver:\"1.2.5-8woody2\", rls:\"DEB3.0\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "naslFamily": "Debian Local Security Checks"}
{"cve": [{"lastseen": "2020-10-03T11:33:38", "description": "Gallery 1.4.3 and earlier allows remote attackers to bypass authentication and obtain Gallery administrator privileges.", "edition": 3, "cvss3": {}, "published": "2004-08-06T04:00:00", "title": "CVE-2004-0522", "type": "cve", "cwe": ["NVD-CWE-Other"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": true, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 10.0, "vectorString": "AV:N/AC:L/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2004-0522"], "modified": "2017-07-11T01:30:00", "cpe": ["cpe:/a:gallery_project:gallery:1.4.3_pl1", "cpe:/a:gallery_project:gallery:1.4.2", "cpe:/o:debian:debian_linux:3.0", "cpe:/a:gallery_project:gallery:1.4.1", "cpe:/a:gallery_project:gallery:1.4_pl1", "cpe:/a:gallery_project:gallery:1.4", "cpe:/a:gallery_project:gallery:1.4_pl2"], "id": "CVE-2004-0522", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2004-0522", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:o:debian:debian_linux:3.0:*:ppc:*:*:*:*:*", "cpe:2.3:a:gallery_project:gallery:1.4_pl2:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:alpha:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:mips:*:*:*:*:*", "cpe:2.3:a:gallery_project:gallery:1.4.1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:hppa:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:arm:*:*:*:*:*", "cpe:2.3:a:gallery_project:gallery:1.4_pl1:*:*:*:*:*:*:*", "cpe:2.3:a:gallery_project:gallery:1.4.3_pl1:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:s-390:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:ia-64:*:*:*:*:*", 
"cpe:2.3:o:debian:debian_linux:3.0:*:sparc:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:m68k:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:ia-32:*:*:*:*:*", "cpe:2.3:a:gallery_project:gallery:1.4.2:*:*:*:*:*:*:*", "cpe:2.3:a:gallery_project:gallery:1.4:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:*:*:*:*:*:*", "cpe:2.3:o:debian:debian_linux:3.0:*:mipsel:*:*:*:*:*"]}], "gentoo": [{"lastseen": "2016-09-06T19:46:37", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0522"], "edition": 1, "description": "### Background\n\nGallery is a web application written in PHP which is used to organize and publish photo albums. It allows multiple users to build and maintain their own albums. It also supports the mirroring of images on other servers. \n\n### Description\n\nThere is a vulnerability in the Gallery photo album software which may allow an attacker to gain administrator privileges within Gallery. A Gallery administrator has full access to all albums and photos on the server, thus attackers may add or delete photos at will. \n\n### Impact\n\nAttackers may gain full access to all Gallery albums. There is no risk to the webserver itself, or the server on which it runs. \n\n### Workaround\n\nThere is no known workaround at this time. All users are encouraged to upgrade to the latest available version. \n\n### Resolution\n\nAll users should upgrade to the latest available version of Gallery. 
\n \n \n # emerge sync\n \n # emerge -pv \">=www-apps/gallery-1.4.3_p2\"\n # emerge \">=www-apps/gallery-1.4.3_p2\"", "modified": "2006-05-22T00:00:00", "published": "2004-06-15T00:00:00", "id": "GLSA-200406-10", "href": "https://security.gentoo.org/glsa/200406-10", "type": "gentoo", "title": "Gallery: Privilege escalation vulnerability", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "osvdb": [{"lastseen": "2017-04-28T13:20:01", "bulletinFamily": "software", "cvelist": ["CVE-2004-0522"], "edition": 1, "description": "## Vulnerability Description\nGallery contains a flaw that may allow a malicious user to gain administrative access. The issue is triggered when a specially crafted URL is passed to init.php to bypass authentication. It is possible that the flaw may allow unauthorized administrative access resulting in a loss of integrity.\n## Solution Description\nUpgrade to version 1.4.3-pl2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.\n## Short Description\nGallery contains a flaw that may allow a malicious user to gain administrative access. The issue is triggered when a specially crafted URL is passed to init.php to bypass authentication. 
It is possible that the flaw may allow unauthorized administrative access resulting in a loss of integrity.\n## References:\n[Vendor Specific Advisory URL](http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=123&mode=thread&order=0&thold=0)\n[Vendor Specific Advisory URL](http://www.debian.org/security/2004/dsa-512)\n[Vendor Specific Advisory URL](http://marc.theaimsgroup.com/?l=gallery-announce&m=108611866223848&w=2)\n[Secunia Advisory ID:11758](https://secuniaresearch.flexerasoftware.com/advisories/11758/)\n[Secunia Advisory ID:11873](https://secuniaresearch.flexerasoftware.com/advisories/11873/)\n[Secunia Advisory ID:11752](https://secuniaresearch.flexerasoftware.com/advisories/11752/)\nOther Advisory URL: http://marc.theaimsgroup.com/?l=full-disclosure&m=108620102113244&w=2\nOther Advisory URL: http://security.gentoo.org/glsa/glsa-200406-10.xml\nISS X-Force ID: 16301\n[CVE-2004-0522](https://vulners.com/cve/CVE-2004-0522)\n", "modified": "2004-06-01T00:00:00", "published": "2004-06-01T00:00:00", "href": "https://vulners.com/osvdb/OSVDB:6524", "id": "OSVDB:6524", "type": "osvdb", "title": "Gallery init.php Authentication Bypass", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "openvas": [{"lastseen": "2017-07-02T21:10:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0522"], "description": "The remote host is missing an update to the system\nas announced in the referenced advisory.", "modified": "2016-09-20T00:00:00", "published": "2008-09-04T00:00:00", "id": "OPENVAS:52452", "href": "http://plugins.openvas.org/nasl.php?oid=52452", "type": "openvas", "title": "FreeBSD Ports: gallery", "sourceData": "#\n#VID 253ea131-bd12-11d8-b071-00e08110b673\n# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from vuxml or freebsd advisories\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"The following package is affected: gallery\n\nCVE-2004-0522\nGallery 1.4.3 and earlier allows remote attackers to bypass\nauthentication and obtain Gallery administrator privileges.\";\ntag_solution = \"Update your system with the appropriate patches or\nsoftware upgrades.\n\nhttp://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=123\nhttp://secunia.com/advisories/11752\nhttp://www.vuxml.org/freebsd/253ea131-bd12-11d8-b071-00e08110b673.html\";\ntag_summary = \"The remote host is missing an update to the system\nas announced in the referenced advisory.\";\n\n\nif(description)\n{\n script_id(52452);\n script_version(\"$Revision: 4118 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-09-20 07:32:38 +0200 (Tue, 20 Sep 2016) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-04 20:41:11 +0200 (Thu, 04 Sep 2008)\");\n script_bugtraq_id(10451);\n script_cve_id(\"CVE-2004-0522\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"FreeBSD Ports: gallery\");\n\n\n\n 
script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"FreeBSD Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/freebsdrel\", \"login/SSH/success\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-bsd.inc\");\n\ntxt = \"\";\nvuln = 0;\nbver = portver(pkg:\"gallery\");\nif(!isnull(bver) && revcomp(a:bver, b:\"1.4.3.2\")<0) {\n txt += 'Package gallery version ' + bver + ' is installed which is known to be vulnerable.\\n';\n vuln = 1;\n}\n\nif(vuln) {\n security_message(data:string(txt));\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2017-07-24T12:50:15", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0522"], "description": "The remote host is missing updates announced in\nadvisory GLSA 200406-10.", "modified": "2017-07-07T00:00:00", "published": "2008-09-24T00:00:00", "id": "OPENVAS:54595", "href": "http://plugins.openvas.org/nasl.php?oid=54595", "type": "openvas", "title": "Gentoo Security Advisory GLSA 200406-10 (gallery)", "sourceData": "# OpenVAS Vulnerability Test\n# $\n# Description: Auto generated from Gentoo's XML based advisory\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2008 E-Soft Inc. 
http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisories, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_insight = \"There is a vulnerability in the Gallery photo album software which may\nallow an attacker to gain administrator privileges within Gallery.\";\ntag_solution = \"All users should upgrade to the latest available version of Gallery.\n\n # emerge sync\n\n # emerge -pv '>=app-misc/gallery-1.4.3_p2'\n # emerge '>=app-misc/gallery-1.4.3_p2'\n\nhttp://www.securityspace.com/smysecure/catid.html?in=GLSA%20200406-10\nhttp://bugs.gentoo.org/show_bug.cgi?id=52798\nhttp://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=123&mode=thread&order=0&thold=0\";\ntag_summary = \"The remote host is missing updates announced in\nadvisory GLSA 200406-10.\";\n\n \n\nif(description)\n{\n script_id(54595);\n script_cve_id(\"CVE-2004-0522\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_version(\"$Revision: 6596 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-07-07 11:21:37 +0200 (Fri, 07 Jul 2017) $\");\n script_tag(name:\"creation_date\", value:\"2008-09-24 21:14:03 +0200 (Wed, 24 Sep 2008)\");\n script_name(\"Gentoo 
Security Advisory GLSA 200406-10 (gallery)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n\n script_copyright(\"Copyright (c) 2005 E-Soft Inc. http://www.securityspace.com\");\n script_family(\"Gentoo Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/gentoo\", \"ssh/login/pkg\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-gentoo.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = ispkgvuln(pkg:\"app-misc/gallery\", unaffected: make_list(\"ge 1.4.3_p2\"), vulnerable: make_list(\"le 1.4.3_p1\"))) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "nessus": [{"lastseen": "2016-09-26T17:26:23", "edition": 1, "description": "The following package needs to be updated: gallery", "published": "2004-07-06T00:00:00", "type": "nessus", "title": "FreeBSD : Gallery 1.4.3 and ealier user authentication bypass (54)", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0522"], "modified": "2004-07-06T00:00:00", "id": "FREEBSD_GALLERY_1432.NASL", "href": "https://www.tenable.com/plugins/index.php?view=single&id=12544", "sourceData": "# @DEPRECATED@\n#\n# This script has been deprecated by freebsd_pkg_253ea131bd1211d8b07100e08110b673.nasl.\n#\n# Disabled on 2011/10/02.\n#\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# This script contains information extracted from VuXML :\n#\n# Copyright 2003-2006 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, 
PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n#\n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n#\n#\n\ninclude('compat.inc');\n\nif ( description )\n{\n script_id(12544);\n script_version(\"$Revision: 1.10 $\");\n script_cve_id(\"CVE-2004-0522\");\n\n script_name(english:\"FreeBSD : Gallery 1.4.3 and ealier user authentication bypass (54)\");\n\nscript_set_attribute(attribute:'synopsis', value: 'The remote host is missing a security update');\nscript_set_attribute(attribute:'description', value:'The following package needs to be updated: gallery');\nscript_set_attribute(attribute: 'cvss_vector', value: 
'CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C');\nscript_set_attribute(attribute:'solution', value: 'Update the package on the remote host');\nscript_set_attribute(attribute: 'see_also', value: 'http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=123\nhttp://labs.idefense.com/intelligence/vulnerabilities/display.php?id=482\nhttp://rus.members.beeb.net/xzgv.html\nhttp://secunia.com/advisories/11752\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-37.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-38.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-39.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-40.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-41.html\nhttp://www.mozilla.org/security/announce/2008/mfsa2008-42.html');\nscript_set_attribute(attribute:'see_also', value: 'http://www.FreeBSD.org/ports/portaudit/253ea131-bd12-11d8-b071-00e08110b673.html');\n\n script_set_attribute(attribute:\"plugin_publication_date\", value: \"2004/07/06\");\n script_end_attributes();\n script_summary(english:\"Check for gallery\");\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2010 Tenable Network Security, Inc.\");\n family[\"english\"] = \"FreeBSD Local Security Checks\";\n script_family(english:family[\"english\"]);\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/FreeBSD/pkg_info\");\n exit(0);\n}\n\n# Deprecated.\nexit(0, \"This plugin has been deprecated. 
Refer to plugin #38140 (freebsd_pkg_253ea131bd1211d8b07100e08110b673.nasl) instead.\");\n\nglobal_var cvss_score;\ncvss_score=10;\ninclude('freebsd_package.inc');\n\n\npkg_test(pkg:\"gallery<1.4.3.2\");\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2021-01-06T10:02:51", "description": "A vulnerability was discovered in gallery, a web-based photo album\nwritten in php, whereby a remote attacker could gain access to the\ngallery 'admin' user without proper authentication. No CVE candidate\nwas available for this vulnerability at the time of release.", "edition": 27, "published": "2004-09-29T00:00:00", "title": "Debian DSA-512-1 : gallery - unauthenticated access", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0522"], "modified": "2004-09-29T00:00:00", "cpe": ["cpe:/o:debian:debian_linux:3.0", "p-cpe:/a:debian:debian_linux:gallery"], "id": "DEBIAN_DSA-512.NASL", "href": "https://www.tenable.com/plugins/nessus/15349", "sourceData": "#%NASL_MIN_LEVEL 70300\n\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-512. 
The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(15349);\n script_version(\"1.24\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_cve_id(\"CVE-2004-0522\");\n script_bugtraq_id(10451);\n script_xref(name:\"DSA\", value:\"512\");\n\n script_name(english:\"Debian DSA-512-1 : gallery - unauthenticated access\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A vulnerability was discovered in gallery, a web-based photo album\nwritten in php, whereby a remote attacker could gain access to the\ngallery 'admin' user without proper authentication. No CVE candidate\nwas available for this vulnerability at the time of release.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.debian.org/security/2004/dsa-512\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"For the current stable distribution (woody), these problems have been\nfixed in version 1.2.5-8woody2.\n\nWe recommend that you update your gallery package.\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:gallery\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:3.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", 
value:\"2004/06/02\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/09/29\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"3.0\", prefix:\"gallery\", reference:\"1.2.5-8woody2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:51:50", "description": "The remote host is affected by the vulnerability described in GLSA-200406-10\n(Gallery: Privilege escalation vulnerability)\n\n There is a vulnerability in the Gallery photo album software which may\n allow an attacker to gain administrator privileges within Gallery. A\n Gallery administrator has full access to all albums and photos on the\n server, thus attackers may add or delete photos at will.\n \nImpact :\n\n Attackers may gain full access to all Gallery albums. There is no risk\n to the webserver itself, or the server on which it runs.\n \nWorkaround :\n\n There is no known workaround at this time. 
All users are encouraged to\n upgrade to the latest available version.", "edition": 25, "published": "2004-08-30T00:00:00", "title": "GLSA-200406-10 : Gallery: Privilege escalation vulnerability", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0522"], "modified": "2004-08-30T00:00:00", "cpe": ["cpe:/o:gentoo:linux", "p-cpe:/a:gentoo:linux:gallery"], "id": "GENTOO_GLSA-200406-10.NASL", "href": "https://www.tenable.com/plugins/nessus/14521", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were\n# extracted from Gentoo Linux Security Advisory GLSA 200406-10.\n#\n# The advisory text is Copyright (C) 2001-2017 Gentoo Foundation, Inc.\n# and licensed under the Creative Commons - Attribution / Share Alike \n# license. See http://creativecommons.org/licenses/by-sa/3.0/\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(14521);\n script_version(\"1.18\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0522\");\n script_xref(name:\"GLSA\", value:\"200406-10\");\n\n script_name(english:\"GLSA-200406-10 : Gallery: Privilege escalation vulnerability\");\n script_summary(english:\"Checks for updated package(s) in /var/db/pkg\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\n\"The remote Gentoo host is missing one or more security-related\npatches.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"The remote host is affected by the vulnerability described in GLSA-200406-10\n(Gallery: Privilege escalation vulnerability)\n\n There is a vulnerability in the Gallery photo album software which may\n allow an attacker to gain administrator privileges within Gallery. 
A\n Gallery administrator has full access to all albums and photos on the\n server, thus attackers may add or delete photos at will.\n \nImpact :\n\n Attackers may gain full access to all Gallery albums. There is no risk\n to the webserver itself, or the server on which it runs.\n \nWorkaround :\n\n There is no known workaround at this time. All users are encouraged to\n upgrade to the latest available version.\"\n );\n # http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=123&mode=thread&order=0&thold=0\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?9cd326b9\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://security.gentoo.org/glsa/200406-10\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"All users should upgrade to the latest available version of Gallery.\n # emerge sync\n # emerge -pv '>=www-apps/gallery-1.4.3_p2'\n # emerge '>=www-apps/gallery-1.4.3_p2'\"\n );\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:gentoo:linux:gallery\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:gentoo:linux\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/06/15\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/08/30\");\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/06/01\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n script_family(english:\"Gentoo Local Security 
Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Gentoo/release\", \"Host/Gentoo/qpkg-list\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"qpkg.inc\");\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Gentoo/release\")) audit(AUDIT_OS_NOT, \"Gentoo\");\nif (!get_kb_item(\"Host/Gentoo/qpkg-list\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (qpkg_check(package:\"www-apps/gallery\", unaffected:make_list(\"ge 1.4.3_p2\"), vulnerable:make_list(\"le 1.4.3_p1\"))) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse\n{\n tested = qpkg_tests_get();\n if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);\n else audit(AUDIT_PACKAGE_NOT_INSTALLED, \"Gallery\");\n}\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-07T10:40:41", "description": "A flaw exists in Gallery versions previous to 1.4.3-pl1 and post 1.2\nwhich may give an attacker the potential to log in under the 'admin'\naccount. 
Data outside of the gallery is unaffected and the attacker\ncannot modify any data other than the photos or photo albums.", "edition": 25, "published": "2009-04-23T00:00:00", "title": "FreeBSD : Gallery 1.4.3 and ealier user authentication bypass (253ea131-bd12-11d8-b071-00e08110b673)", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0522"], "modified": "2009-04-23T00:00:00", "cpe": ["cpe:/o:freebsd:freebsd", "p-cpe:/a:freebsd:freebsd:gallery"], "id": "FREEBSD_PKG_253EA131BD1211D8B07100E08110B673.NASL", "href": "https://www.tenable.com/plugins/nessus/38140", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from the FreeBSD VuXML database :\n#\n# Copyright 2003-2018 Jacques Vidrine and contributors\n#\n# Redistribution and use in source (VuXML) and 'compiled' forms (SGML,\n# HTML, PDF, PostScript, RTF and so forth) with or without modification,\n# are permitted provided that the following conditions are met:\n# 1. Redistributions of source code (VuXML) must retain the above\n# copyright notice, this list of conditions and the following\n# disclaimer as the first lines of this file unmodified.\n# 2. Redistributions in compiled form (transformed to other DTDs,\n# published online in any format, converted to PDF, PostScript,\n# RTF and other formats) must reproduce the above copyright\n# notice, this list of conditions and the following disclaimer\n# in the documentation and/or other materials provided with the\n# distribution.\n# \n# THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS \"AS IS\"\n# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,\n# THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR\n# PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS\n# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,\n# OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT\n# OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR\n# BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,\n# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE\n# OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,\n# EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(38140);\n script_version(\"1.13\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/06\");\n\n script_cve_id(\"CVE-2004-0522\");\n script_xref(name:\"Secunia\", value:\"11752\");\n\n script_name(english:\"FreeBSD : Gallery 1.4.3 and ealier user authentication bypass (253ea131-bd12-11d8-b071-00e08110b673)\");\n script_summary(english:\"Checks for updated package in pkg_info output\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote FreeBSD host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"A flaw exists in Gallery versions previous to 1.4.3-pl1 and post 1.2\nwhich may give an attacker the potential to log in under the 'admin'\naccount. 
Data outside of the gallery is unaffected and the attacker\ncannot modify any data other than the photos or photo albums.\"\n );\n # http://gallery.menalto.com/modules.php?op=modload&name=News&file=article&sid=123\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?ea165205\"\n );\n # https://vuxml.freebsd.org/freebsd/253ea131-bd12-11d8-b071-00e08110b673.html\n script_set_attribute(\n attribute:\"see_also\",\n value:\"http://www.nessus.org/u?f3db287c\"\n );\n script_set_attribute(attribute:\"solution\", value:\"Update the affected package.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:freebsd:freebsd:gallery\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:freebsd:freebsd\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/06/24\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/23\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2009-2021 and is owned by Tenable, Inc. 
or an Affiliate thereof.\");\n script_family(english:\"FreeBSD Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/FreeBSD/release\", \"Host/FreeBSD/pkg_info\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"freebsd_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/FreeBSD/release\")) audit(AUDIT_OS_NOT, \"FreeBSD\");\nif (!get_kb_item(\"Host/FreeBSD/pkg_info\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\n\nif (pkg_test(save_report:TRUE, pkg:\"gallery<1.4.3.2\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2021-01-20T10:59:00", "description": "The version of Gallery hosted on the remote web server is affected by\nan authentication bypass issue. A flaw exists that may allow an\nattacker to bypass the authentication mechanism of this software by\nmaking requests including the options 'GALLERY_EMBEDDED_INSIDE' and\n'GALLERY_EMBEDDED_INSIDE_TYPE'. 
An attacker who can bypass\nauthentication will obtain Gallery administrator privileges.", "edition": 27, "published": "2004-06-15T00:00:00", "title": "Gallery init.php Authentication Bypass", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2004-0522"], "modified": "2004-06-15T00:00:00", "cpe": ["cpe:/a:gallery_project:gallery"], "id": "GALLERY_AUTH_BYPASS.NASL", "href": "https://www.tenable.com/plugins/nessus/12278", "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(12278);\n script_version(\"1.20\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/19\");\n\n script_cve_id(\"CVE-2004-0522\");\n script_bugtraq_id(10451);\n\n script_name(english:\"Gallery init.php Authentication Bypass\");\n script_summary(english:\"Attempts to bypass authentication in Gallery\");\n\n script_set_attribute(\n attribute:\"synopsis\",\n value:\n\"The remote host is running a PHP application that is affected by an\nauthentication bypass vulnerability.\"\n );\n script_set_attribute(\n attribute:\"description\",\n value:\n\"The version of Gallery hosted on the remote web server is affected by\nan authentication bypass issue. A flaw exists that may allow an\nattacker to bypass the authentication mechanism of this software by\nmaking requests including the options 'GALLERY_EMBEDDED_INSIDE' and\n'GALLERY_EMBEDDED_INSIDE_TYPE'. 
An attacker who can bypass\nauthentication will obtain Gallery administrator privileges.\"\n );\n script_set_attribute(attribute:\"see_also\", value:\"http://galleryproject.org/node/123\");\n script_set_attribute(attribute:\"solution\", value:\"Upgrade to Gallery 1.4.3-pl2 or later.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:ND/RC:ND\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No exploit is required\");\n script_set_attribute(attribute:\"exploit_available\", value:\"true\");\n\n script_set_attribute(attribute:\"vuln_publication_date\", value:\"2004/06/01\");\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2004/06/01\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2004/06/15\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"remote\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/a:gallery_project:gallery\");\n script_end_attributes();\n\n script_category(ACT_ATTACK);\n script_family(english:\"CGI abuses\");\n\n script_copyright(english:\"This script is Copyright (C) 2004-2021 Tenable Network Security, Inc.\");\n\n script_dependencies(\"gallery_detect.nasl\");\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_require_keys(\"www/gallery\", \"www/PHP\");\n script_require_ports(\"Services/www\", 80);\n\n exit(0);\n}\n\n#\n# The script code starts here\n\n\ninclude(\"audit.inc\");\ninclude(\"global_settings.inc\");\ninclude(\"misc_func.inc\");\ninclude(\"http.inc\");\ninclude(\"webapp_func.inc\");\n\nport = get_http_port(default:80, php:TRUE);\n\ninstall = get_install_from_kb(\n appname:\"gallery\",\n port:port,\n exit_on_fail:TRUE\n);\n\ndir = install[\"dir\"];\n\nr = http_send_recv3(\n method : \"GET\",\n item : dir + \"/index.php\",\n port : port,\n exit_on_fail : TRUE\n);\n\nif (egrep(pattern:'<span class=\"admin\"><a id=\"popuplink_1\".*\\\\[login\\\\]', string:r[2]))\n{\n r = 
http_send_recv3(\n method : \"GET\",\n item : dir + \"/index.php?GALLERY_EMBEDDED_INSIDE=y\",\n port : port,\n exit_on_fail : TRUE\n );\n\n if (!egrep(pattern:'<span class=\"admin\"><a id=\"popuplink_1\".*\\\\[login\\\\]', string:r[2]))\n {\n security_hole(port);\n exit(0);\n }\n}\n\naudit(AUDIT_WEB_APP_NOT_AFFECTED, \"Gallery\", build_url(qs:dir,port:port));\n", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "freebsd": [{"lastseen": "2019-05-29T18:35:16", "bulletinFamily": "unix", "cvelist": ["CVE-2004-0522"], "description": "\nA flaw exists in Gallery versions previous to\n\t 1.4.3-pl1 and post 1.2 which may give an attacker\n\t the potential to log in under the \"admin\" account.\n\t Data outside of the gallery is unaffected and the\n\t attacker cannot modify any data other than the\n\t photos or photo albums.\n", "edition": 4, "modified": "2004-06-01T00:00:00", "published": "2004-06-01T00:00:00", "id": "253EA131-BD12-11D8-B071-00E08110B673", "href": "https://vuxml.freebsd.org/freebsd/253ea131-bd12-11d8-b071-00e08110b673.html", "title": "Gallery 1.4.3 and earlier user authentication bypass", "type": "freebsd", "cvss": {"score": 10.0, "vector": "AV:N/AC:L/Au:N/C:C/I:C/A:C"}}]}