[VIM] Gallery LFI - third party disputed vs vendor

George A. Theall theall at tenablesecurity.com
Tue Sep 2 15:35:43 UTC 2008


On Aug 24, 2008, at 6:02 AM, security curmudgeon wrote:

> CVE-2008-3600
>
> Disclosure and Dispute:
> http://archives.neohapsis.com/archives/bugtraq/2008-08/0091.html
> http://archives.neohapsis.com/archives/bugtraq/2008-08/0115.html
>
> Vendor:
> http://gallery.menalto.com/gallery_1.5.8_released
>
> One security issue was reported to us in private by the Digital  
> Security Research Group [DSecRG] who were professional and are  
> waiting until after this release to publish their findings.
>
> --
>
> who's right? =)

DSecRG -- gallery doesn't have much under "contrib/phpBB2" other than  
"modules.php" and some text files:

   http://gallery.svn.sourceforge.net/viewvc/gallery/tags/RELEASE_1_5_7/gallery/contrib/phpBB2/

There is no "extension.inc". Nor is there anything matching "common.*"  
or "includes/functions.*", which makes me wonder why DSecRG's PoC uses  
a directory traversal sequence to grab "/etc/passwd".

George
-- 
theall at tenablesecurity.com





More information about the VIM mailing list