Security: Security vulnerability in Gallery 1.1, 1.2.x, 1.3

Posted by: onokazu on 2002/8/2 20:57:08 (5230 reads)
Anyone using Gallery on their site should upgrade it right now. There will be no change to the files included in the XOOPS patch for Gallery, so just upgrade your Gallery to the latest version, and apply the XOOPS patch again if you would like to keep using it as an XOOPS module.

Quote:

An alert system administrator for PowerTech, an ISP in Norway, discovered a security vulnerability in Gallery yesterday. This security hole is a serious one; with it a malicious user can install a backdoor on your system and gain shell access with the same privileges as your webserver user. It's important that you realize that there are malicious people exploiting this bug *right* *now*. Read through to the bottom of this email for a list of IP addresses of sites that we believe may already be hacked, and ways to detect if you've been hacked.

Update: The most secure version of Gallery available is v1.3.1-cvs-b13. Upgrade ASAP.


Source: News at Gallery website


You can also download the patch at http://www.xoops.it/ where you can find some detailed instructions for installing Gallery as a XOOPS module.