CVE-2008-4129 - OpenCVE

Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication Single

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:S/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Gallery	Gallery

Configuration 1 [-]

OR	cpe:2.3:a:gallery:gallery::::::::
	cpe:2.3:a:gallery:gallery:2.2.0:::::::*
	cpe:2.3:a:gallery:gallery:2.2.1:::::::*
	cpe:2.3:a:gallery:gallery:2.2.2:::::::*
	cpe:2.3:a:gallery:gallery:2.2.3:::::::*
	cpe:2.3:a:gallery:gallery:2.2.4:::::::*

Configuration 2 [-]

cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*

References

Link	Resource
http://gallery.menalto.com/gallery_1.5.9_released	Patch
http://gallery.menalto.com/gallery_2.2.6_released	Patch
http://secunia.com/advisories/31912
http://secunia.com/advisories/32662
http://secunia.com/advisories/33144
http://security.gentoo.org/glsa/glsa-200811-02.xml
http://www.securityfocus.com/bid/31231	Patch
https://exchange.xforce.ibmcloud.com/vulnerabilities/45228
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2008-09-18T20:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2008-09-18T00:00:00

Link: CVE-2008-4129

JSON object: View

NVD Information

Status : Modified

Published: 2008-09-18T20:00:00.577

Modified: 2017-08-08T01:32:26.513

Link: CVE-2008-4129

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-09-18T00:00:00", "descriptions": [{"lang": "en", "value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "GLSA-200811-02", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"}, {"name": "33144", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33144"}, {"name": "gallery-ziparchives-information-disclosure(45228)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"}, {"name": "31912", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31912"}, {"name": "32662", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32662"}, {"name": "FEDORA-2008-11258", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"}, {"name": "31231", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/31231"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://gallery.menalto.com/gallery_2.2.6_released"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://gallery.menalto.com/gallery_1.5.9_released"}, {"name": "FEDORA-2008-11230", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-4129", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "GLSA-200811-02", "refsource": "GENTOO", "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"}, {"name": "33144", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33144"}, {"name": "gallery-ziparchives-information-disclosure(45228)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"}, {"name": "31912", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31912"}, {"name": "32662", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32662"}, {"name": "FEDORA-2008-11258", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"}, {"name": "31231", "refsource": "BID", "url": "http://www.securityfocus.com/bid/31231"}, {"name": "http://gallery.menalto.com/gallery_2.2.6_released", "refsource": "CONFIRM", "url": "http://gallery.menalto.com/gallery_2.2.6_released"}, {"name": "http://gallery.menalto.com/gallery_1.5.9_released", "refsource": "CONFIRM", "url": "http://gallery.menalto.com/gallery_1.5.9_released"}, {"name": "FEDORA-2008-11230", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-4129", "datePublished": "2008-09-18T20:00:00", "dateReserved": "2008-09-18T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*", "matchCriteriaId": "F63EDF9A-1818-41D4-96EF-DFF61994C27F", "versionEndIncluding": "2.2.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallery:gallery:2.2.0:*:*:*:*:*:*:*", "matchCriteriaId": "CAD2DDED-A01D-4026-B8C3-0DA916466D1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallery:gallery:2.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "D400C30B-BD93-4419-BEC2-24A470F5E473", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallery:gallery:2.2.2:*:*:*:*:*:*:*", "matchCriteriaId": "8180C4E9-EFC9-438C-AAAF-B09B838CA17E", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallery:gallery:2.2.3:*:*:*:*:*:*:*", "matchCriteriaId": "B2ED9F1B-D3BD-42BA-8300-6A719A577F7F", "vulnerable": true}, {"criteria": "cpe:2.3:a:gallery:gallery:2.2.4:*:*:*:*:*:*:*", "matchCriteriaId": "3A821D29-75FA-4A6D-BE1A-D11906FA188D", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gallery:gallery:*:*:*:*:*:*:*:*", "matchCriteriaId": "B2630CD9-31D8-4E24-B518-03D94B3383B9", "versionEndIncluding": "1.5.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Gallery before 1.5.9, and 2.x before 2.2.6, does not properly handle ZIP archives containing symbolic links, which allows remote authenticated users to conduct directory traversal attacks and read arbitrary files via vectors related to the archive upload (aka zip upload) functionality."}, {"lang": "es", "value": "Gallery, versiones anteriores a 1.5.9, y 2.x y versiones anteriores a 2.2.6, no trata adecuadamente archivos ZIP que contienen enlaces simb\u00f3licos, el cual permite a los usuarios remotos autentificados manejar los ataques de salto de directorio y leer archivos arbitrariamente a trav\u00e9s de vectores relativos a el fichero cargado funcionalmente (alias zip cargado)."}], "id": "CVE-2008-4129", "lastModified": "2017-08-08T01:32:26.513", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-09-18T20:00:00.577", "references": [{"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://gallery.menalto.com/gallery_1.5.9_released"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://gallery.menalto.com/gallery_2.2.6_released"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31912"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32662"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/33144"}, {"source": "cve@mitre.org", "url": "http://security.gentoo.org/glsa/glsa-200811-02.xml"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/31231"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45228"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00794.html"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2008-December/msg00832.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}