HTTP: Gallery Embedded USER AUTH Bypass (postvar)

This signature detects attempts to exploit a known vulnerability in Gallery, a Web-based photo album application written in php. Attackers can bypass user authorization to gain administrative privileges.

Extended Description

It has been disclosed that an attacker can bypass Gallery's authentication process, and log in as any user without a password. An attacker can override configuration variables by passing them in GET, POST or cookie arguments. Gallery simulates the 'register_globals' PHP setting by extracting the values of the various $HTTP_ global variables into the global namespace. Therefore, regardless of the 'register_globals' PHP setting, an attacker can override configuration variables. An attacker can change configuration variables and cause Gallery to skip the authentication steps. Versions prior to 1.4.3-pl2 are reported to be vulnerable.

Affected Products

Gallery gallery

References

BugTraq: 10451

CVE: CVE-2005-0522

URL: http://www.securityfocus.com/archive/1/364952/2004-05-30/2004-06-05/0 http://securitytracker.com/id?1013270 http://nvd.nist.gov/nvd.cfm?cvename=CVE-2004-0522

Short Name

HTTP:PHP:GALLERY:EMBED-AUTH-VAR

Severity

Major

Recommended

False

Recommended Action

Drop

HTTP: Gallery Embedded USER AUTH Bypass (postvar)

Extended Description

Affected Products

References

Found a potential security threat?