[ABANDONED] Galleria component under attack

For all Non-Joomla! security issues. ie 3pd Components etc.

Moderator: General Support Moderators

Forum rules
Locked
User avatar
infograf768
Joomla! Master
Joomla! Master
Posts: 19133
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

[ABANDONED] Galleria component under attack

Post by infograf768 » Mon Jul 17, 2006 2:52 pm

See here
usual stuff
http://nvd.nist.gov/nvd.cfm?cvename=CVE-2006-3396

I have the GET log, Robs, if you like.

I do not use that comp by the way.
Last edited by RobS on Wed Jul 19, 2006 7:12 am, edited 1 time in total.
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1366
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: Galleria component under attack

Post by RobS » Wed Jul 19, 2006 6:49 am

JM,

Do you have any information on the developer such as a website URL or an email address?  I searched around on Google but could only find vulnerability reports and not any actual websites for the component.

I probably don't need the log files.  Maybe you could just send them the report if you find any contact information for them?

Thanks,
Rob S.
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions

User avatar
Elpie
Joomla! Guru
Joomla! Guru
Posts: 903
Joined: Wed Aug 17, 2005 11:26 pm
Contact:

Re: Galleria component under attack

Post by Elpie » Wed Jul 19, 2006 7:10 am

Galleria is abandonware Rob - the best course of action for anyone using it is to backup their images, remove Galleria completely and find another gallery to use that is still in development and which is secure.

There is an update patch here: http://forum.mamboguru.com/showthread.php?t=316 but no guarantees that it can be more than a temporary measure.
Last edited by Elpie on Wed Jul 19, 2006 7:14 am, edited 1 time in total.
For Mambo assistance: http://forum.mambo-foundation.org
Open Source Research & Best Practice: http://osprojects.info

User avatar
RobS
Joomla! Ace
Joomla! Ace
Posts: 1366
Joined: Mon Dec 05, 2005 10:17 am
Location: New Orleans, LA, USA
Contact:

Re: Galleria component under attack

Post by RobS » Wed Jul 19, 2006 7:11 am

I suspected as much.  Thanks for the confirmation though. 
Rob Schley - Open Source Matters
Webimagery - http://www.webimagery.net/ - Professional Consulting Services
JXtended - http://www.jxtended.com/ - Free and Commercial Joomla! Extensions

User avatar
infograf768
Joomla! Master
Joomla! Master
Posts: 19133
Joined: Fri Aug 12, 2005 3:47 pm
Location: **Translation Matters**

Re: [ABANDONED] Galleria component under attack

Post by infograf768 » Wed Jul 19, 2006 7:25 am

Sent amail to the guy through
http://mamboxchange.com/projects/mambatstaff
Jean-Marie Simonet / infograf
---------------------------------
ex-Joomla Translation Coordination Team • ex-Joomla! Production Working Group

locutus
Joomla! Enthusiast
Joomla! Enthusiast
Posts: 111
Joined: Thu Aug 18, 2005 6:43 pm

Re: [ABANDONED] Galleria component under attack

Post by locutus » Wed Jul 19, 2006 10:13 am

Watch out! Just recently I found galleria files on my site, but I installed and uninstalled it years ago. Apparently Galleria deinstalls but is leaving the files on the server.
So if you remove the program, make sure by FTP or JXplorer that all files in components and administrator/components are removed.

galin
Joomla! Fledgling
Joomla! Fledgling
Posts: 1
Joined: Thu Sep 27, 2007 3:37 pm
Contact:

Re: [ABANDONED] Galleria component under attack

Post by galin » Thu Sep 27, 2007 3:46 pm

yup, you were right. i was recently going through my old website and found it didn't delete all the files on the uninstallation. thanks for the info.
Last edited by galin on Mon Oct 01, 2007 3:16 pm, edited 1 time in total.


Locked

Return to “3rd Party/Non Joomla! Security Issues”