Welcome to Geeklog, Anonymous Saturday, November 23 2024 @ 11:20 pm EST

Security Flaw in Geeklog/Gallery Plugin

Tuesday, December 09 2003 @ 10:48 pm EST
Contributed by: Tony
Views: 17,878

Those of you Geeklog users who use the Geeklog/Gallery plugin are being advised of a security issue that arises as a result of PHP's register_globals being on. As we explain here we do require register_globals to be on but Geeklog manages this securely. However, the Geeklog/Gallery plugin does not. To be 100% clear, this advisory does not effect Geeklog sites which do not use the Gallery plugin.

For those of you using the Geeklog Gallery plugin, you should comment all references to $GEEKLOG_DIR in the plugin. Instances of this can be found in: /path/to/geeklog/gallery_dir/init.php
/path/to/geeklog/gallery_dir/classes/geeklog/UserDB.php
/path/to/geeklog/gallery_dir/classes/geeklog/User.php
There are four lines total you will need to address. The first occurance in init.php where $GEEKLOG_DIR gets set which is simply fixed by commenting it out. As for theoccurances of

require_once($GEEKLOG_DIR . 'lib-common.php');

be sure to replace the entire string with

require_once '/path/to/geeklog/public_html/lib-common.php';

Hopefully this is clear to everyone. In the meantime, we are contacting the maintainer of the Geeklog/Gallery plugin to make the necessary fix.

Comments

Security Flaw in Geeklog/Gallery Plugin | 14 comments | Create New Account

The following comments are owned by whomever posted them. This site is not responsible for what they say.

Security Flaw in Geeklog/Gallery Plugin

Authored by: TechFan on Tuesday, December 09 2003 @ 11:29 pm EST

I am just hoping we can fix this so that the path only has to be statically entered in one place?

Security Flaw in Geeklog/Gallery Plugin

Authored by: amckay on Wednesday, December 10 2003 @ 09:46 am EST

You could pick a random string of letters to replace "GEEKLOG_DIR" with in all instances. You'd still be vulnerable, but not unless someone guessed your random string.

But really 4 or 5 places is not that big a deal.

Security Flaw in Geeklog/Gallery Plugin

Authored by: TechFan on Tuesday, December 09 2003 @ 11:56 pm EST

Btw, I think you were probably intending to say that GEEKLOG_DIR is defined in gallery's config.php (at least that is where I have always read to put it) instead of init.php

Security Flaw in Geeklog/Gallery Plugin

Authored by: Tony on Wednesday, December 10 2003 @ 09:05 am EST

The newer versions of the plugin don't require you to edit anything so you are right, if you have a older version where you added it to config.php then you need to make the necessary fixes. To be safe everyone should grep GEEKLOG_DIR in their gallery folder.

---
The reason people blame things on previous generations is that there's only one other choice.

---
The reason people blame things on previous generations is that there's only one other choice.

Security Flaw in Geeklog/Gallery Plugin

Authored by: rngreen on Wednesday, December 10 2003 @ 11:19 am EST

The story is here, It makes for very good reading (forensicly)

Security Flaw in Geeklog/Gallery Plugin

Authored by: Tony on Wednesday, December 10 2003 @ 12:53 pm EST

Err, I already posted a link to that in my original post. But you are right, this was definitely interesting to see them track down.

---
The reason people blame things on previous generations is that there's only one other choice.

---
The reason people blame things on previous generations is that there's only one other choice.

Security Flaw in Geeklog/Gallery Plugin

Authored by: tesn on Wednesday, December 10 2003 @ 12:59 pm EST

I had a little trouble finding the 4th line to change...It is in the init.php at or near line 98 (for me) You need to comment it out.

$GEEKLOG_DIR = $gallery->app->default["geeklog_dir"];

---
John

---
John

Security Flaw in Geeklog/Gallery Plugin

Authored by: Tony on Wednesday, December 10 2003 @ 03:07 pm EST

Sorry, that is what I meant when I said:
The first occurance in init.php where $GEEKLOG_DIR gets set which is simply fixed by commenting it out

---
The reason people blame things on previous generations is that there's only one other choice.

FIX

Authored by: vinny on Wednesday, December 10 2003 @ 09:56 pm EST

All that is required to correct this vulnerbility is to remove the line:

require_once($GEEKLOG_DIR . '/lib-common.php');

From the files User.php and UserDB.php in the gallery\classes\geeklog folder.

The other locations where $GEEKLOG_DIR is found are preceded by an "include('config.php');" which eliminates the security risk in those areas. (This is because the $GEEKLOG_DIR variable is assigned a value in the config.php file overriding any value passed by GET or POST). It might not be a bad idea to check to be sure that $GEEKLOG_DIR is in the config.php file (though the integration will not work without its presence).

I'll put together an update which addresses these problems as soon as I can (perhaps as soon as this weekend). By early next year I'll try to complete a security audit of the geeklog/gallery integration code to try to eliminate all security problems.

I appologize to those affected by this problem and I hope that not many machines were compromised as result of this problem. I don't know how long this vulerbility has been in the code, but it has been there for more than a year (since before I began to work on the integration).

-Vinny

FIX

Authored by: destr0yr on Thursday, December 11 2003 @ 02:01 am EST

Will this be with the current 1.4pl-2, or the 1.4.1 release of Gallery?

---
-- destr0yr - "People like you are the reason people like me need medication."

---
-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams

FIX

Authored by: vinny on Thursday, December 11 2003 @ 05:20 pm EST

I'll use the whatever the most current released version of gallery is at the time (most likely 1.4.1).

-Vinny

FIX

Authored by: destr0yr on Friday, December 12 2003 @ 06:55 pm EST

you rock!

---
-- destr0yr - "People like you are the reason people like me need medication."

---
-- destr0yr
"I love deadlines. I like the whooshing sound they make as they fly by." -- Douglas Adams

FIX

Authored by: amckay on Thursday, December 11 2003 @ 02:08 pm EST

Hey vinny, don't sweat it. Love the software and am very thankful to you for working on it!

FIX

Authored by: thedude on Monday, December 15 2003 @ 01:19 am EST

Hi Vinny.

No worries man. You did a great job for the Geeklog/Gallery integration. Loving it.

Thanks man.

The Dude

Warning: Javascript required to enable functionality

Security Flaw in Geeklog/Gallery Plugin

Search

Resources

About

Getting started

Support

Development

Topics

User Functions

What's New

Articles last 4 weeks

Comments last 4 weeks

Pages last 4 weeks

Links last 4 weeks

Downloads last 4 weeks