Debian Security Advisory

DSA-512-1 gallery -- unauthenticated access

Date Reported:
02 Jun 2004
Affected Packages:
Security database references:
In the Bugtraq database (at SecurityFocus): BugTraq ID 10451.
In Mitre's CVE dictionary: CVE-2004-0522.
More information:

A vulnerability was discovered in gallery, a web-based photo album written in php, whereby a remote attacker could gain access to the gallery "admin" user without proper authentication. No CVE candidate was available for this vulnerability at the time of release.

For the current stable distribution (woody), these problems have been fixed in version 1.2.5-8woody2.

For the unstable distribution (sid), these problems have been fixed in version 1.4.3-pl2-1.

We recommend that you update your gallery package.

Fixed in:

Debian GNU/Linux 3.0 (woody)

Architecture-independent component:

MD5 checksums of the listed files are available in the original advisory.