[geeklog-users] Geeklog/Gallery Vulnerability Fix

Vincent Furia vmf at abtech.org
Wed Dec 10 21:32:45 EST 2003


All that is required to correct this vulnerability is to remove the line:

require_once($GEEKLOG_DIR . '/lib-common.php');

From the files User.php and UserDB.php in the gallery\classes\geeklog
folder.

The other locations where $GEEKLOG_DIR is found are preceded by an
"include('config.php');" which eliminates the security risk in those
areas. (This is because the $GEEKLOG_DIR variable is assigned a value in
the config.php file overriding any value passed by GET or POST).  It might
not be a bad idea to check to be sure that $GEEKLOG_DIR is in the
config.php file (though the integration will not work without its
presence).

I'll put together an update which addresses these problems as soon as I
can (perhaps as soon as this weekend).  By early next year I'll try to
complete a security audit of the geeklog/gallery integration code to try
to eliminate all security problems.

I apologize to those affected by this problem and I hope that not many
machines were compromised as a result of this problem.  I don't know how
long this vulnerability has been in the code, but it has been there for more
than a year (since before I began to work on the integration).

-Vinny
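
Added example (not part of the original message, and not Geeklog or Gallery code): one way to perform the check suggested above, that $GEEKLOG_DIR really comes from config.php and points at a local install, before anything is required from it. The function name geeklog_dir_from_config and the throwaway files are assumptions made for the illustration.

```php
<?php
// Added illustration; geeklog_dir_from_config() is a hypothetical helper.

/**
 * Include config.php inside function scope and return a vetted $GEEKLOG_DIR.
 * Variables created by the include are local to this function, so a
 * request-supplied global of the same name cannot stand in for the value.
 */
function geeklog_dir_from_config(string $configFile): string
{
    if (!is_file($configFile)) {
        throw new RuntimeException("config file not found: $configFile");
    }
    include $configFile;

    if (!isset($GEEKLOG_DIR) || !is_string($GEEKLOG_DIR) || $GEEKLOG_DIR === '') {
        throw new RuntimeException('$GEEKLOG_DIR is not set in config.php');
    }
    // realpath() only resolves existing local filesystem paths.
    $real = realpath($GEEKLOG_DIR);
    if ($real === false || !is_dir($real)) {
        throw new RuntimeException('$GEEKLOG_DIR is not a local directory');
    }
    if (!is_file($real . '/lib-common.php')) {
        throw new RuntimeException('lib-common.php not found in $GEEKLOG_DIR');
    }
    return $real;
}

// Constructed sample input: a temporary directory standing in for an install.
$base = sys_get_temp_dir() . '/gl_demo_' . bin2hex(random_bytes(4));
mkdir($base);
file_put_contents("$base/lib-common.php", "<?php // stub\n");

$cases = [
    'good'    => '<?php $GEEKLOG_DIR = ' . var_export($base, true) . ';',
    'missing' => '<?php // $GEEKLOG_DIR never assigned',
    'bogus'   => '<?php $GEEKLOG_DIR = "/no/such/geeklog/dir";',
];
foreach ($cases as $name => $body) {
    $cfg = "$base/config-$name.php";
    file_put_contents($cfg, $body);
    try {
        $dir = geeklog_dir_from_config($cfg);
        echo "$name: accepted $dir\n";
    } catch (RuntimeException $e) {
        echo "$name: rejected (" . $e->getMessage() . ")\n";
    }
}
```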


