Secunia Research Advisory - Apache::Gallery module versions 0.6 and below suffer from a privilege escalation vulnerability caused by shared libraries being created insecurely.
TITLE:
Apache::Gallery Privilege Escalation Vulnerability
SECUNIA ADVISORY ID:
SA9700
VERIFY ADVISORY:
http://www.secunia.com/advisories/9700/
CRITICAL:
Less critical
IMPACT:
Privilege escalation
WHERE:
Local system
SOFTWARE:
Apache::Gallery 0.x
DESCRIPTION:
A vulnerability has been reported in Apache::Gallery, which can be
exploited by malicious, local users to escalate their privileges on a
vulnerable system.
The vulnerability is caused by the program creating shared
libraries insecurely in a temporary directory (often "/tmp"). This
can be exploited via a symlink attack or by placing a specially
crafted shared library in the directory, which will cause it to be
loaded and executed with the privileges of the web service.
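A defensive check for the condition described above, as an added example that is not part of the advisory or of Apache::Gallery's code: before compiled libraries are written to or loaded from a directory, confirm it is a real directory, owned by the service user, and not writable by anyone else. The function name unsafe_reasons and the demo directories are assumptions constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use File::Temp qw(tempdir);
use Fcntl qw(:mode);

# Hypothetical helper: return the reasons why $dir must not be used to build
# or load shared libraries. An empty list means every check passed.
sub unsafe_reasons {
    my ($dir) = @_;
    my @st = lstat($dir)    # lstat inspects the path itself, not a link target
        or return ("cannot lstat: $!");
    my ($mode, $uid) = @st[2, 4];

    # A symlink can redirect writes elsewhere; reject it outright.
    return ("is a symbolic link") if S_ISLNK($mode);

    my @why;
    push @why, "is not a directory" unless S_ISDIR($mode);
    push @why, "owned by uid $uid, not by this process (uid $>)"
        if $uid != $>;
    push @why, sprintf("writable by group or other (mode %04o)", $mode & 07777)
        if $mode & (S_IWGRP | S_IWOTH);
    return @why;
}

# Constructed demo: a private directory next to a shared one and a symlink.
# tempdir() picks an unpredictable name and creates the directory mode 0700.
my $private = tempdir(CLEANUP => 1);

# Stands in for a fixed, world-writable build path such as one under /tmp.
my $shared = "$private/shared_build";
mkdir $shared or die "mkdir: $!";
chmod 0777, $shared or die "chmod: $!";

# A link sitting where the program expects its build directory.
my $link = "$private/link_build";
symlink $shared, $link or die "symlink: $!";

for my $dir ($private, $shared, $link) {
    my @why = unsafe_reasons($dir);
    printf "%-6s %s%s\n", (@why ? "UNSAFE" : "ok"), $dir,
        (@why ? " (" . join("; ", @why) . ")" : "");
}
```

The same function can be pointed at the directory the web service actually uses for compiled libraries, run as the web service user.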
SOLUTION:
Update to version 0.7:
http://apachegallery.dk/download/Apache-Gallery-0.7.tar.gz
REPORTED BY / CREDITS:
Jon Hart
----------------------------------------------------------------------
Secunia recommends that you verify all advisories you receive, by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
Contact details:
Web : http://www.secunia.com/
E-mail : support@secunia.com
Tel : +45 7020 5144
Fax : +45 7020 5145
----------------------------------------------------------------------