Bug 429310 (CVE-2007-6689)

Summary: CVE-2007-6689 Gallery2 insufficient file type check
Product: [Other] Security Response
Reporter: Lubomir Kundrak <lkundrak>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED CURRENTRELEASE
Severity: low
Priority: low
Version: unspecified
CC: john
Keywords: Security
Hardware: All
OS: Linux
URL: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6689
Fixed In Version: gallery2-2.2.4-1
Doc Type: Bug Fix
Last Closed: 2008-01-18 17:18:59 UTC

Description Lubomir Kundrak 2008-01-18 17:12:42 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6689 to the following vulnerability:

Menalto Gallery before 2.2.4 does not properly check for malicious file extensions during file uploads, which allows attackers to execute arbitrary code via the (1) Core application or (2) MIME module.

References:

http://gallery.menalto.com/gallery_2.2.4_released

Comment 1 Lubomir Kundrak 2008-01-18 17:18:59 UTC
This sounds like it could have something to do with executable extensions on
Windows.

This was fixed in gallery2-2.2.4-1
Fedora 8: FEDORA-2007-4778
Fedora 7: FEDORA-2007-4777