[<prev] [next>] [day] [month] [year] [list]
Message-ID: <OpenPKG-SA-2006.025@openpkg.org>
Date: Fri, 20 Oct 2006 08:33:40 +0200
From: OpenPKG <openpkg@...npkg.org>
To: bugtraq@...urityfocus.com
Subject: [OpenPKG-SA-2006.025] OpenPKG Security Advisory (drupal)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
________________________________________________________________________
OpenPKG Security Advisory OpenPKG GmbH
http://www.openpkg.org/security/ http://openpkg.com
OpenPKG-SA-2006.025 2006-10-20
________________________________________________________________________
Package: drupal
Vulnerability: cross-site scripting, privilege escalation
OpenPKG Specific: no
Affected Series: Affected Packages: Corrected Packages:
1.0-ENTERPRISE n.a. >= drupal-4.7.4-E1.0.0
2-STABLE-20060622 <= drupal-4.7.3-2.20061018 >= drupal-4.7.4-2.20061019
2-STABLE <= drupal-4.7.3-2.20061018 >= drupal-4.7.4-2.20061019
CURRENT <= drupal-4.7.3-20061016 >= drupal-4.7.4-20061019
Description:
According to vendor security advisories [2][3][4], multiple
vulnerabilities exist in the Drupal content management platform [1]:
A bug in input validation and lack of output validation allows HTML
and script insertion on several pages. And Drupal's XML parser passes
unescaped data to watchdog under certain circumstances. A malicious
user may execute an XSS attack via a specially crafted RSS feed.
Additionally, the aggregator module, profile module, and forum module
do not properly escape output of certain fields. [2]
Visiting a specially crafted page, anywhere on the web, may allow that
page to post forms to a Drupal site in the context of the visitor's
session. An attacker can exploit this vulnerability by changing
passwords, posting PHP code or creating new users, for example. The
attack is only limited by the privileges of the session it executes
in. [3]
A malicious user may entice users to visit a specially crafted URL
that may result in the redirection of Drupal form submission to a
third-party site. A user visiting the user registration page via such
an URL, for example, will submit all data, such as the e-mail address,
but also possible private profile data, to a third-party site [4].
________________________________________________________________________
References:
[1] http://drupal.org/
[2] http://drupal.org/node/88826
[3] http://drupal.org/node/88828
[4] http://drupal.org/node/88829
________________________________________________________________________
For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg@...npkg.org>" (ID 63C4CB9F) which
you can retrieve from http://www.openpkg.org/openpkg.pgp. Follow the
instructions on http://www.openpkg.org/security/signatures/ for details
on how to verify the integrity of this advisory.
________________________________________________________________________
-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <openpkg@...npkg.org>
iD8DBQFFOG1HgHWT4GPEy58RAlCZAKCn9GhVEUZDhYcCXv9kIXS/1GZFNwCg3NAX
iB8bdpsey7szZjBFBNCPajw=
=hNkE
-----END PGP SIGNATURE-----
Powered by blists - more mailing lists