Secunia Security Advisory - Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to bypass certain security restrictions, and conduct script insertion and HTTP response splitting attacks.
ee1686b397a6e34b37c803eb5dbcad22e6f1cc8f1d0e5632f0164c1d0cb87bdd
TITLE:
Drupal Multiple Vulnerabilities
SECUNIA ADVISORY ID:
SA17824
VERIFY ADVISORY:
http://secunia.com/advisories/17824/
CRITICAL:
Moderately critical
IMPACT:
Security Bypass, Cross Site Scripting
WHERE:
>From remote
SOFTWARE:
Drupal 4.x
http://secunia.com/product/342/
DESCRIPTION:
Some vulnerabilities have been reported in Drupal, which can be
exploited by malicious people to bypass certain security
restrictions, and conduct script insertion and HTTP response
splitting attacks.
1) An input validation error in the filtering of HTML code can be
exploited to inject arbitrary JavaScript code in submitted content,
which will be executed in a user's browser session in context of an
affected site when the malicious user data is viewed.
Successful exploitation requires that the user has access to the full
HTML input format.
The vulnerability has been reported in versions 4.5.0 through 4.5.5
and 4.6.0 through 4.6.3. Prior versions may also be affected.
2) An input validation error in the attachment handling can be
exploited to upload a malicious image with embedded HTML and script
content, which will be executed in a user's browser session in
context of an affected site when viewed directly with the Microsoft
Internet Explorer browser.
This is related to:
SA17295
This can also be exploited to inject arbitrary HTTP headers, which
will be included in the response sent to the user.
The vulnerability has been reported in versions 4.5.0 through 4.5.5
and 4.6.0 through 4.6.3. Prior versions may also be affected.
3) The problem is that it is possible to bypass the "access user
profile" permission. However, this cannot be exploited to modify
data.
Successful exploitation requires that the server runs PHP 5.
The vulnerability has been reported in version 4.6.0 through 4.6.3.
SOLUTION:
Update to version 4.5.6 or 4.6.4.
http://drupal.org/project
PROVIDED AND/OR DISCOVERED BY:
1) Ahmed Saad
2) Paul Laudanski
3) Andrew Widdowson
ORIGINAL ADVISORY:
http://drupal.org/files/sa-2005-007/advisory.txt
http://drupal.org/files/sa-2005-008/advisory.txt
http://drupal.org/files/sa-2005-009/advisory.txt
OTHER REFERENCES:
SA17295:
http://secunia.com/advisories/17295/
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------