Coppermine Photo Gallery picmgmtbatch.inc.php Arbitrary Command Execution

2004-04-29T00:00:00
ID OSVDB:5759
Type osvdb
Reporter Janek Vind "waraxe" (come2waraxe@yahoo.com)
Modified 2004-04-29T00:00:00

Description

Vulnerability Description

Coppermine Photo Gallery contains a flaw that may allow a remote attacker to execute arbitrary commands. By supplying specially crafted "impath" or "jpeg_equal" configuration parameters, a remote attacker could execute arbitrary shell commands on the system, resulting in a loss of integrity.

Solution Description

Upgrade to version 1.3beta or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.


References:

Vendor URL: http://coppermine.sourceforge.net/
Vendor Specific Solution URL: http://nukephotogallery.com/index.php?name=Downloads&d_op=viewdownloaddetails&lid=39
Vendor Specific Advisory URL
Security Tracker: 1010001
Secunia Advisory ID: 11524
Related OSVDB ID: 5757
Related OSVDB ID: 6495
Related OSVDB ID: 6498
Related OSVDB ID: 6499
Related OSVDB ID: 5756
Related OSVDB ID: 6497
Related OSVDB ID: 6500
Related OSVDB ID: 5758
Related OSVDB ID: 5761
Related OSVDB ID: 5912
Related OSVDB ID: 6496
Other Advisory URL: http://www.waraxe.us/index.php?modname=sa&id=26
Keyword: waraxe-2004-SA#026
ISS X-Force ID: 16043
Bugtraq ID: 10253