Koozali.org: home of the SME Server
Legacy Forums => Experienced User Forum => Topic started by: Terry Brummell on February 11, 2003, 05:02:53 AM
-
As I just found out this evening there is an easily! exploited problem in Gallery 1.3.2. Anyone using this version should update immediately. I would post to bugs or security@ but since it's not a Mitel product I'll let it be.
To see if someone has attempted to exploit this on your machine, check your httpd/access_log for entries that include "publish_xp_docs.php". I found the exact entry where my index.php was modified and I have the idiot's IP addy.
Terry
-
I just did an rpm -qa gal* against my sme (5.6) box and it didn't return anything. Is this gallery thing some kind of add-on? Do I not have it installed? (Just came across this post... and curious.)
TIA...
-=- jd -=-
-
Yes, gallery is an addon. It also isn't an RPM, so your RPM query wouldn't find it anyway.
-
Yes, it's a picture gallery add-on. It's quite popular around here, that's why I posted it.
-
Thanks guys. I'm quite new to the sme and still getting my feet wet.
-=- jd -=-
-
Terry
Thanks for that advice. Just had a quick look at the server I installed gallery on, but luckily no hack attempts.
At http://www.xatrix.org/article2466.html
I see these advisories, including a couple of quick fixes for those without the time to immediately update to gallery v1.3.3.
The fix to this problem is very simple. Pursue one of the following
three options:
1. Upgrade to v1.3.3, available now on the Gallery website:
http://gallery.sourceforge.net/download.php
-- or --
2. Edit your publish_xp_docs.php and near the top of the file, modify
the code so that this line:
appears after this block:
// Hack prevention.
if (!empty($HTTP_GET_VARS["GALLERY_BASEDIR"]) ||
!empty($HTTP_POST_VARS["GALLERY_BASEDIR"]) ||
!empty($HTTP_COOKIE_VARS["GALLERY_BASEDIR"])) {
print "Security violation\n";
exit;
}
?>
-- or --
3. Delete publish_xp_docs.php. This will secure your system but will
also disable the Windows XP Publishing feature.
Thanks Terry
Regards
Ray Mitchell
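Terry's access_log check and the GALLERY_BASEDIR parameter that the quoted fix rejects, combined into one small detection script. This is an added example, not code from any poster or from Gallery; the log lines are constructed (documentation IP ranges), and the function names are my own.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access_log lines in Apache combined format; not real traffic.
SAMPLE_LOG = """\
192.0.2.10 - - [10/Feb/2003:22:41:07 -0500] "GET /gallery/index.php HTTP/1.1" 200 5123 "-" "Mozilla/4.0"
192.0.2.77 - - [10/Feb/2003:23:02:19 -0500] "GET /gallery/publish_xp_docs.php?GALLERY_BASEDIR=http://203.0.113.5/x/ HTTP/1.0" 200 312 "-" "Wget"
192.0.2.20 - - [11/Feb/2003:00:15:44 -0500] "POST /gallery/publish_xp_docs.php HTTP/1.1" 200 88 "-" "Microsoft WPW"
192.0.2.77 - - [11/Feb/2003:00:16:01 -0500] "GET /gallery/albums/wedding/photo1.jpg HTTP/1.1" 200 40231 "-" "Wget"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')

def parse_line(line):
    """Split one combined-format line into ip/time/method/path/query/status."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)
    return rec

def scan_gallery_log(text):
    """Return one dict per request to publish_xp_docs.php.
    'suspicious' is True when GALLERY_BASEDIR arrives in the query string, which
    the patched script rejects. POST bodies and cookies never reach access_log,
    so a plain hit with no query is still worth a manual look."""
    hits = []
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].endswith("/publish_xp_docs.php"):
            continue
        basedir = rec["query"].get("GALLERY_BASEDIR")
        hits.append({"ip": rec["ip"], "time": rec["time"], "method": rec["method"],
                     "status": rec["status"], "basedir": basedir[0] if basedir else None,
                     "suspicious": basedir is not None})
    return hits

def suspicious_ips(text):
    """Distinct source addresses that supplied GALLERY_BASEDIR via the URL."""
    return sorted({h["ip"] for h in scan_gallery_log(text) if h["suspicious"]})

if __name__ == "__main__":
    for h in scan_gallery_log(SAMPLE_LOG):
        flag = "SUSPICIOUS" if h["suspicious"] else "check"
        print(f'{flag:10} {h["ip"]} {h["time"]} {h["method"]} status={h["status"]} basedir={h["basedir"]}')
```

Run it against the real file with `scan_gallery_log(open("/var/log/httpd/access_log").read())`; any address in `suspicious_ips()` is one to cross-check against the modification time of index.php.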
-
Dan Brown wrote:
> Yes, gallery is an addon. It also isn't an RPM..
It can be. Is on my test box :-)
Charlie
-
> It can be. Is on my test box :-)
True enough--but I figured that if Jim had to ask the question, he hadn't rolled his own RPM of gallery...