| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Fri Jun 3 11:48:04 2005 From: uwe at hermann-uwe.de (Uwe Hermann) Subject: [DRUPAL-SA-2005-001] New Drupal release fixes critical security issue ---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2005-001 ---------------------------------------------------------------------------- Advisory ID: DRUPAL-SA-2005-001 Date: 2005-jun-01 Security risk: highly critical Impact: system access Where: from remote Vulnerability: privilege escalation ---------------------------------------------------------------------------- Description ----------- The Drupal Security Team has found that the privilege system of Drupal can be circumvented in a very special case because an input check is not implemented properly. Versions affected ----------------- Drupal 4.4.0, 4.4.1, 4.4.2 Drupal 4.5.0, 4.5.1, 4.5.2 Drupal 4.6.0 Impact ------ If public registration is allowed then it is possible for an attacker to obtain additional user roles. As a result, an attacker could grant himself administration privileges. Solution -------- Either upgrade or disable public registration: - If you are running Drupal 4.4.x, then upgrade to Drupal 4.4.3. - If you are running Drupal 4.5.2, then upgrade to Drupal 4.5.3. - If you are running Drupal 4.6.0, then upgrade to Drupal 4.6.1. - If you cannot upgrade immediately, you can secure your site by disabling the public registration of Drupal accounts from Drupal's user administration screen. Log-in as an administrator, go to "administer >> users >> configure" and set the "Public registrations" option to "Only site administrators can create new user accounts". Contact ------- The security contact for Drupal can be reached at security@...pal.org or using the form at http://drupal.org/contact. // Uwe Herman, on behalf of the Drupal Security Team. -- Uwe Hermann <uwe@...mann-uwe.de> http://www.hermann-uwe.de | http://www.crazy-hacks.org http://www.it-services-uh.de | http://www.phpmeat.org http://www.unmaintained-free-software.org | http://www.holsham-traders.de -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Digital signature Url : http://lists.grok.org.uk/pipermail/full-disclosure/attachments/20050603/dfabdf98/attachment.bin
Powered by blists - more mailing lists