CVE-2006-0330
CVSS 4.3
Published: 2006-01-20 19:03:00
Last revised: 2011-03-07 21:29:47

[Original] Cross-site scripting (XSS) vulnerability in Gallery before 1.5.2 allows remote attackers to inject arbitrary web script or HTML via unknown attack vectors, possibly involving the user name (fullname).


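[CNNVD] Gallery cross-site scripting vulnerability (CNNVD-200601-263)

        Versions of Gallery before 1.5.2 contain a cross-site scripting (XSS) vulnerability. Remote attackers can inject arbitrary web script or HTML via unknown attack vectors that may involve the user name (full name).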

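- CVSS (base score)

CVSS score: 4.3 [MEDIUM]
Confidentiality impact: NONE [no impact on the confidentiality of the system]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on the availability of the system]
Access complexity: MEDIUM [exploitation requires certain access conditions]
Access vector: [--]
Authentication: NONE [exploitation requires no authentication]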

- CPE (affected platforms and products)

cpe:/a:gallery_project:gallery:1.5.2_rc2
cpe:/a:gallery_project:gallery:1.5
cpe:/a:gallery_project:gallery:1.3.4
cpe:/a:gallery_project:gallery:1.4.2
cpe:/a:gallery_project:gallery:1.4.4_pl2
cpe:/a:gallery_project:gallery:1.4_pl1
cpe:/a:gallery_project:gallery:1.5.1_rc2
cpe:/a:gallery_project:gallery:1.5.1
cpe:/a:gallery_project:gallery:1.4_pl2
cpe:/a:gallery_project:gallery:1.4.4_pl5
cpe:/a:gallery_project:gallery:1.4.4_pl3
cpe:/a:gallery_project:gallery:1.4.3_pl2
cpe:/a:gallery_project:gallery:1.4.1
cpe:/a:gallery_project:gallery:1.4.4_pl4
cpe:/a:gallery_project:gallery:1.4.3_pl1
cpe:/a:gallery_project:gallery:1.4

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0330
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-0330
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200601-263
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/24247
(PATCH)  XF  gallery-unknown-xss(24247)
http://www.securityfocus.com/bid/16334
(PATCH)  BID  16334
http://www.osvdb.org/22660
(PATCH)  OSVDB  22660
http://www.gentoo.org/security/en/glsa/glsa-200601-13.xml
(VENDOR_ADVISORY)  GENTOO  GLSA-200601-13
http://secunia.com/advisories/18627
(VENDOR_ADVISORY)  SECUNIA  18627
http://secunia.com/advisories/18557
(VENDOR_ADVISORY)  SECUNIA  18557
http://www.vupen.com/english/advisories/2006/0282
(UNKNOWN)  VUPEN  ADV-2006-0282
http://gallery.menalto.com/page/gallery_1_5_2_release
(UNKNOWN)  CONFIRM  http://gallery.menalto.com/page/gallery_1_5_2_release
http://www.us.debian.org/security/2006/dsa-1148
(UNKNOWN)  DEBIAN  DSA-1148
http://secunia.com/advisories/21502
(UNKNOWN)  SECUNIA  21502
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285
(UNKNOWN)  MISC  http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=325285

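- Vulnerability information

Gallery cross-site scripting vulnerability
Medium risk  Cross-site scripting
2006-01-20 00:00:00 2006-05-01 00:00:00
Remote
        Versions of Gallery before 1.5.2 contain a cross-site scripting (XSS) vulnerability. Remote attackers can inject arbitrary web script or HTML via unknown attack vectors that may involve the user name (full name).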

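- Advisories and patches

        The vendor has not yet provided a patch or upgrade. Users of this software are advised to watch the vendor's home page for the latest version.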

- Vulnerability information (F49243)

Debian Linux Security Advisory 1148-1 (PacketStormID:F49243)
2006-08-27 00:00:00
Debian  debian.org
advisory,remote,web,vulnerability
linux,debian
CVE-2005-2734,CVE-2006-0330,CVE-2006-4030

Debian Security Advisory 1148-1 - Several remote vulnerabilities have been discovered in gallery, a web-based photo album.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

- --------------------------------------------------------------------------
Debian Security Advisory DSA 1148-1                    security@debian.org
http://www.debian.org/security/                         Moritz Muehlenhoff
August 9th, 2006                        http://www.debian.org/security/faq
- --------------------------------------------------------------------------

Package        : gallery
Vulnerability  : several
Problem-Type   : remote
Debian-specific: no
CVE ID         : CVE-2005-2734 CVE-2006-0330 CVE-2006-4030
Debian Bug     : 325285

Several remote vulnerabilities have been discovered in gallery, a web-based
photo album. The Common Vulnerabilities and Exposures project identifies
the following problems:

CVE-2005-2734

    A cross-site scripting vulnerability allows injection of web script
    code through HTML or EXIF information.

CVE-2006-0330

    A cross-site scripting vulnerability in the user registration allows
    injection of web script code.

CVE-2006-4030

    Missing input sanitising in the stats modules allows information
    disclosure.

For the stable distribution (sarge) these problems have been fixed in
version 1.5-1sarge2.

For the unstable distribution (sid) these problems have been fixed in
version 1.5-2.

We recommend that you upgrade your gallery package.


Upgrade Instructions
- --------------------

wget url
        will fetch the file for you
dpkg -i file.deb
        will install the referenced file.

If you are using the apt-get package manager, use the line for
sources.list as given below:

apt-get update
        will update the internal database
apt-get upgrade
        will install corrected packages

You may use an automated update by adding the resources from the
footer to the proper configuration.


Debian GNU/Linux 3.1 alias sarge
- --------------------------------

  Source archives:

    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge2.dsc
      Size/MD5 checksum:      589 f66813dbb5218b6cae62345331e73de0
    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge2.diff.gz
      Size/MD5 checksum:    15917 4f2cb50ce35dcdce2af96dc251ee695f
    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5.orig.tar.gz
      Size/MD5 checksum:  6654533 7d610b59e7bf9edbbfa0abb38e041754

  Architecture independent components:

    http://security.debian.org/pool/updates/main/g/gallery/gallery_1.5-1sarge2_all.deb
      Size/MD5 checksum:  6570476 5fd487a3d9973eb95af4eb4ee85cf545


  These files will probably be moved into the stable distribution on
  its next update.

- ---------------------------------------------------------------------------------
For apt-get: deb http://security.debian.org/ stable/updates main
For dpkg-ftp: ftp://security.debian.org/debian-security dists/stable/updates/main
Mailing list: debian-security-announce@lists.debian.org
Package info: `apt-cache show <pkg>' and http://packages.debian.org/<pkg>
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFE2lLzXm3vHE4uyloRAhvuAJ0Vrk6U9OY9WWMMbIqtYCXTdXdynwCgwzZx
sluj+h/UMhjGOQuDO7nUKPE=
=6LZF
-----END PGP SIGNATURE-----

    

- Vulnerability information

22660
The Gallery User Name XSS
Remote / Network Access Input Manipulation
Loss of Integrity
Exploit Unknown Vendor Verified

- Vulnerability description

The Gallery contains a flaw that allows a remote cross site scripting attack. This flaw exists because the application does not validate the fullname set by users. This could allow a user to create a specially crafted URL that would execute arbitrary code in a user's browser within the trust relationship between the browser and the server, leading to a loss of integrity.

- Timeline

2006-01-19 Unknown
Unknown Unknown

- Solution

Upgrade to version 1.5.2 or higher, as it has been reported to fix this vulnerability. An upgrade is required as there are no known workarounds.

- Related references

- Vulnerability author

- Vulnerability information

Gallery User Name HTML Injection Vulnerability
Input Validation Error 16334
Yes No
2006-01-18 12:00:00 2006-08-10 08:05:00
Peter Schumacher is credited with the discovery of this vulnerability.

- Affected program versions

Gentoo Linux
Gallery Gallery 1.5.2 -RC2
Debian Linux 3.1 sparc
Debian Linux 3.1 s/390
Debian Linux 3.1 ppc
Debian Linux 3.1 mipsel
Debian Linux 3.1 mips
Debian Linux 3.1 m68k
Debian Linux 3.1 ia-64
Debian Linux 3.1 ia-32
Debian Linux 3.1 hppa
Debian Linux 3.1 arm
Debian Linux 3.1 amd64
Debian Linux 3.1 alpha
Debian Linux 3.1
Gallery Gallery 1.5.2

- Unaffected program versions

Gallery Gallery 1.5.2

- Vulnerability discussion

Gallery is prone to an HTML-injection vulnerability because it fails to properly sanitize user-supplied input before using it in dynamically generated content.

Attacker-supplied HTML and script code would execute in the context of the affected website, potentially allowing an attacker to steal cookie-based authentication credentials and to control how the site is rendered to the user; other attacks are also possible.

- Exploit

An exploit is not required.

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.

Please see the referenced advisories for more information.

- Related references
