CVE-2005-2734
CVSS 4.3
Published: 2005-08-30 07:45:00
Last modified: 2016-10-17 23:29:58

[Original] Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and earlier allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model Tag.


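[CNNVD] Gallery cross-site scripting vulnerability (CNNVD-200508-299)

        A cross-site scripting vulnerability exists in Gallery 1.5.1-RC2 and earlier versions. It allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model tag.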

- CVSS (base score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: [--]
Integrity impact: [--]
Availability impact: [--]
Attack complexity: [--]
Attack vector: [--]
Authentication: [--]

- CPE (affected platforms and products)

cpe:/a:gallery_project:gallery:1.4.3_pl1
cpe:/a:gallery_project:gallery:1.5
cpe:/a:gallery_project:gallery:1.4.3_pl2
cpe:/a:gallery_project:gallery:1.4.1
cpe:/a:gallery_project:gallery:1.4.2
cpe:/a:gallery_project:gallery:1.5.1
cpe:/a:gallery_project:gallery:1.4
cpe:/a:gallery_project:gallery:1.4_pl2
cpe:/a:gallery_project:gallery:1.4_pl1
cpe:/a:gallery_project:gallery:1.4.4_pl4
cpe:/a:gallery_project:gallery:1.4.4_pl5
cpe:/a:gallery_project:gallery:1.4.4_pl2
cpe:/a:gallery_project:gallery:1.4.4_pl3
cpe:/a:gallery_project:gallery:1.5.1_rc2

- OVAL (technical details for detection)

No related OVAL definition found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2734
(official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2005-2734
(official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200508-299
(official data source) CNNVD

- Other links and resources

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285
(UNKNOWN)  MISC  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285
http://marc.info/?l=bugtraq&m=112511025414488&w=2
(UNKNOWN)  BUGTRAQ  20050826 Multiple PHP Images Galleries EXIF Metadata XSS Vulnerabilities
http://securitytracker.com/id?1014800
(UNKNOWN)  SECTRACK  1014800
http://sourceforge.net/project/shownotes.php?release_id=352576
(PATCH)  CONFIRM  http://sourceforge.net/project/shownotes.php?release_id=352576
http://www.securityfocus.com/bid/14668
(UNKNOWN)  BID  14668
http://www.us.debian.org/security/2006/dsa-1148
(UNKNOWN)  DEBIAN  DSA-1148
http://xforce.iss.net/xforce/xfdb/22020
(UNKNOWN)  XF  photopost-exif-xss(22020)

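- Vulnerability information

Gallery cross-site scripting vulnerability
Medium severity  Cross-site scripting
2005-08-30 00:00:00 2005-10-20 00:00:00
Remote
        A cross-site scripting vulnerability exists in Gallery 1.5.1-RC2 and earlier versions. It allows remote attackers to inject arbitrary web script or HTML via EXIF data, such as the Camera Model tag.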

- Advisories and patches

        The vendor has released upgrade patches to fix this security issue. Patch download links:
        Gallery Gallery 1.4 -pl2
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        Gallery Gallery 1.4 -pl1
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        Gallery Gallery 1.4
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        Gallery Gallery 1.4.1
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        Gallery Gallery 1.4.2
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        Gallery Gallery 1.4.3 -pl2
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        Gallery Gallery 1.4.3 -pl1
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        Gallery Gallery 1.4.4 -pl5
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        Gallery Gallery 1.4.4 -pl4
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        Gallery Gallery 1.4.4 -pl3
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        Gallery Gallery 1.4.4 -pl2
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        Gallery Gallery 1.5
        Debian gallery_1.5-1sarge2_all.deb
        Debian GNU/Linux 3.1 alias sarge
        http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge2_all.deb
        Gallery gallery-1.5-pl1.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-1.5-pl1.tar.gz
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        Gallery Gallery 1.5.1
        Gallery gallery-1.5.1-RC3
        http://sourceforge.net/project/showfiles.php?group_id=7130&package_id=7239&release_id=348064
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        Gallery Gallery 1.5.1 -RC2
        Gallery gallery-2.0-rc-2-full.tar.gz
        http://prdownloads.sourceforge.net/gallery/gallery-2.0-rc-2-full.tar.gz
        

- Vulnerability information (F49243)

Debian Linux Security Advisory 1148-1 (PacketStormID:F49243)
2006-08-27 00:00:00
Debian  debian.org
advisory,remote,web,vulnerability
linux,debian
CVE-2005-2734,CVE-2006-0330,CVE-2006-4030

Debian Security Advisory 1148-1 - Several remote vulnerabilities have been discovered in gallery, a web-based photo album.


- --------------------------------------------------------------------------
Debian Security Advisory DSA 1148-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
August 9th, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gallery
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2005-2734 CVE-2006-0330 CVE-2006-4030
Debian Bug     : 325285

Several remote vulnerabilities have been discovered in gallery, a web-based
photo album. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2005-2734

    A cross-site scripting vulnerability allows injection of web script
    code through HTML or EXIF information.

CVE-2006-0330

    A cross-site scripting vulnerability in the user registration allows
    injection of web script code.

CVE-2006-4030

    Missing input sanitising in the stats modules allows information
    disclosure.

For the stable distribution (sarge) these problems have been fixed in
version 1.5-1sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 1.5-2.

We recommend that you upgrade your gallery package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge2.dsc
      Size/MD5 checksum:      589 f66813dbb5218b6cae62345331e73de0
    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge2.diff.gz
      Size/MD5 checksum:    15917 4f2cb50ce35dcdce2af96dc251ee695f
    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5.orig.tar.gz
      Size/MD5 checksum:  6654533 7d610b59e7bf9edbbfa0abb38e041754

  Architecture independent components:

    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge2_all.deb
      Size/MD5 checksum:  6570476 5fd487a3d9973eb95af4eb4ee85cf545


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>

    

- Vulnerability information

19015
Gallery EXIF Data XSS
Remote / Network Access Input Manipulation
Loss of Integrity Upgrade
Vendor Verified

- Vulnerability description

Unknown or Incomplete

- Timeline

2005-08-25 Unknown
Unknown Unknown

- Solution

Upgrade to version 1.5.3-RC3 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

Unknown or Incomplete

- Vulnerability information

Gallery Script Injection Vulnerability
Input Validation Error 14668
Yes No
2005-08-26 12:00:00 2006-10-11 06:54:00
Cedric Cochin is credited with the discovery of this vulnerability.

- Affected software versions

Gallery Gallery 1.5.1 -RC2
Gallery Gallery 1.5.1
Gallery Gallery 1.5
Gallery Gallery 1.4.4 -pl5
Gallery Gallery 1.4.4 -pl4
Gallery Gallery 1.4.4 -pl3
Gallery Gallery 1.4.4 -pl2
Gallery Gallery 1.4.3 -pl2
Gallery Gallery 1.4.3 -pl1
Gallery Gallery 1.4.2
Gallery Gallery 1.4.1
Gallery Gallery 1.4 -pl2
Gallery Gallery 1.4 -pl1
Gallery Gallery 1.4
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Gallery Gallery 2.0 Alpha
Gallery Gallery 1.5.1
Gallery Gallery 1.5 -pl1

- Unaffected software versions

Gallery Gallery 2.0 Alpha
Gallery Gallery 1.5.1
Gallery Gallery 1.5 -pl1

- Vulnerability discussion

Gallery is prone to a script-injection vulnerability because it fails to properly sanitize user-supplied input.

A malicious user may cause arbitrary script code to execute in the browser context of an unsuspecting victim. This may let the attacker steal cookie-based authentication credentials in the context of the victim's browser; further attacks are also possible.

- Exploit

No exploit is required.

- Solution

The vendor has released Gallery 1.5-pl1 Security Release and Gallery 1.5.1-RC3 Preview Release to address this issue.

Please see the referenced advisories for more information.


Gallery Gallery 1.4 -pl2

Gallery Gallery 1.4 -pl1

Gallery Gallery 1.4

Gallery Gallery 1.4.1

Gallery Gallery 1.4.2

Gallery Gallery 1.4.3 -pl2

Gallery Gallery 1.4.3 -pl1

Gallery Gallery 1.4.4 -pl5

Gallery Gallery 1.4.4 -pl4

Gallery Gallery 1.4.4 -pl3

Gallery Gallery 1.4.4 -pl2

Gallery Gallery 1.5

Gallery Gallery 1.5.1

Gallery Gallery 1.5.1 -RC2

- Related references

 

 
