Home page logo

bugtraq logo Bugtraq mailing list archives

[OpenPKG-SA-2006.025] OpenPKG Security Advisory (drupal)
From: OpenPKG <openpkg () openpkg org>
Date: Fri, 20 Oct 2006 08:33:40 +0200

Hash: SHA1


OpenPKG Security Advisory                                   OpenPKG GmbH
http://www.openpkg.org/security/                      http://openpkg.com
OpenPKG-SA-2006.025                                           2006-10-20

Package:          drupal
Vulnerability:    cross-site scripting, privilege escalation
OpenPKG Specific: no

Affected Series:  Affected Packages:         Corrected Packages:
1.0-ENTERPRISE    n.a.                       >= drupal-4.7.4-E1.0.0
2-STABLE-20060622 <= drupal-4.7.3-2.20061018 >= drupal-4.7.4-2.20061019
2-STABLE          <= drupal-4.7.3-2.20061018 >= drupal-4.7.4-2.20061019
CURRENT           <= drupal-4.7.3-20061016   >= drupal-4.7.4-20061019

  According to vendor security advisories [2][3][4], multiple
  vulnerabilities exist in the Drupal content management platform [1]:

  A bug in input validation and lack of output validation allows HTML
  and script insertion on several pages. And Drupal's XML parser passes
  unescaped data to watchdog under certain circumstances. A malicious
  user may execute an XSS attack via a specially crafted RSS feed.
  Additionally, the aggregator module, profile module, and forum module
  do not properly escape output of certain fields. [2]

  Visiting a specially crafted page, anywhere on the web, may allow that
  page to post forms to a Drupal site in the context of the visitor's
  session. An attacker can exploit this vulnerability by changing
  passwords, posting PHP code or creating new users, for example. The
  attack is only limited by the privileges of the session it executes
  in. [3]

  A malicious user may entice users to visit a specially crafted URL
  that may result in the redirection of Drupal form submission to a
  third-party site. A user visiting the user registration page via such
  an URL, for example, will submit all data, such as the e-mail address,
  but also possible private profile data, to a third-party site [4].

  [1] http://drupal.org/
  [2] http://drupal.org/node/88826
  [3] http://drupal.org/node/88828
  [4] http://drupal.org/node/88829

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <openpkg () openpkg org>" (ID 63C4CB9F) which
you can retrieve from http://www.openpkg.org/openpkg.pgp. Follow the
instructions on http://www.openpkg.org/security/signatures/ for details
on how to verify the integrity of this advisory.

Comment: OpenPKG <openpkg () openpkg org>


  By Date           By Thread  

Current thread:
  • [OpenPKG-SA-2006.025] OpenPKG Security Advisory (drupal) OpenPKG (Oct 20)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]