Vulnerability?

mottie

Joined: 2002-08-20
Posts: 19
Posted: Fri, 2004-12-17 17:54

On Slashdot today... is Gallery vulnerable? I am going to upgrade regardless, as I have a phpBB2 forum installed.

http://www.hardened-php.net/advisories/012004.txt

The Hardened-PHP Project has announced several serious and, according to them, easy-to-exploit vulnerabilities within PHP. A flaw within the function unserialize() is rated as very critical for millions of PHP servers, because it is exposed to remote attackers through lots of very popular web applications. The list includes forum software like phpBB2

 
signe

Joined: 2003-07-27
Posts: 2322
Posted: Fri, 2004-12-17 19:29

Since they don't include examples of what could trigger the error, it's very difficult to say with 100% certainty, but in my understanding of the bug, I don't believe that Gallery is vulnerable.

The only data that Gallery serializes is the album/photo and userdb information.