TITLE: Apache::Gallery Privilege Escalation Vulnerability SECUNIA ADVISORY ID: SA9700 VERIFY ADVISORY: http://www.secunia.com/advisories/9700/ CRITICAL: Less critical IMPACT: Privilege escalation WHERE: Local system SOFTWARE: Apache::Gallery 0.x DESCRIPTION: A vulnerability has been reported in Apache::Gallery, which can be exploited by malicious, local users to escalate their privileges on a vulnerable system. The vulnerability is caused due to the program creating shared libraries insecurely in a temporary directory (often "/tmp"). This can be exploited via a symlink attack or by placing a specially crafted shared library in the directory, which will cause it to be loaded and executed with the privileges of the web service. SOLUTION: Update to version 0.7: http://apachegallery.dk/download/Apache-Gallery-0.7.tar.gz REPORTED BY / CREDITS: Jon Hart ---------------------------------------------------------------------- Secunia recommends that you verify all advisories you receive, by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. Contact details: Web : http://www.secunia.com/ E-mail : support@secunia.com Tel : +45 7020 5144 Fax : +45 7020 5145 ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://www.secunia.com/sec_adv_unsubscribe/?email=packet@packetstormsecurity.org ----------------------------------------------------------------------