[geeklog-users] Geeklog/Gallery vulnerability

Jason Signalness jason at btiadmin.net
Tue Dec 9 23:33:47 EST 2003


Thanks Tony.

Tony Bibbs wrote:


> Correct, it is only with that plugin. Read this:
>
> http://www.geeklog.net/article.php?story=2003120922482655
>
> --Tony
>
> Dirk Haun wrote:
>
>> Jason,
>>
>>> This article worries me a bit:
>>> http://www.securityfocus.com/guest/24043
>>
>> [...]
>>
>>> The vulnerability discussed allowed me to write arbitrary data to the
>>> server's hard disk, run all kinds of shell commands, and get the
>>> output back in my browser. Worrying to be sure.
>>
>> Hmm, I've only skimmed the article yet but my first impression was that
>> it a) was "only" a problem of the Geeklog/Gallery integration (not of
>> Geeklog itself) and b) was "only" used to send spam.
>>
>> I must have missed the bit about writing to the server's hard disk,
>> but I don't really have the time now to look into it. Can someone confirm if
>> this is "only" a problem with the Gallery integration?
>>
>> bye, Dirk





