exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

DRUPAL-SA-2006-024.txt

DRUPAL-SA-2006-024.txt
Posted Oct 21, 2006
Authored by Uwe Hermann | Site drupal.org

Drupal security advisory - DRUPAL-SA-2006-024: Multiple XSS (cross site scripting) vulnerabilities have been discovered.

tags | advisory, vulnerability, xss
SHA-256 | 1aa675f91c66e69c739dbfa33817a0d04e6526d3a5f2b4c2b15192944ad977b4

DRUPAL-SA-2006-024.txt

Change Mirror Download
----------------------------------------------------------------------------
Drupal security advisory DRUPAL-SA-2006-024
----------------------------------------------------------------------------
Project: Drupal core
Date: 2006-Oct-18
Security risk: Moderately critical
Exploitable from: Remote
Vulnerability: Cross site scripting
----------------------------------------------------------------------------

Description
-----------
Multiple XSS (cross site scripting) vulnerabilities have been discovered.

A bug in input validation and lack of output validation allows HTML and script
insertion on several pages.

Drupal's XML parser passes unescaped data to watchdog under certain
circumstances. A malicious user may execute an XSS attack via a specially
crafted RSS feed. This vulnerability exists on systems that do not use PHP's
mb_string extension (to check if mb_string is being used, navigate to
admin/settings and look under "String handling"). Disabling the aggregator
module provides an immediate workaround.

The aggregator module, profile module, and forum module do not properly escape
output of certain fields.

Note: XSS attacks may lead to administrator access if certain conditions are
met.


Versions affected
-----------------
- Drupal 4.6.x versions before Drupal 4.6.10
- Drupal 4.7.x versions before Drupal 4.7.4

Solution
--------
- If you are running Drupal 4.6.x then upgrade to Drupal 4.6.10.
http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.6.10.tar.gz
- If you are running Drupal 4.7.x then upgrade to Drupal 4.7.4.
http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.7.4.tar.gz

- To patch Drupal 4.6.9 use http://drupal.org/files/sa-2006-024/4.6.9.patch.
- To patch Drupal 4.7.3 use http://drupal.org/files/sa-2006-024/4.7.3.patch.

Please note that the patches only contain changes related to this advisory, and
do not fix bugs that were solved in 4.6.10 or 4.7.4.

Reported by
-----------
- The XML parser vulnerability was reported by Erdem Köse.
- The forum module vulnerability was reported by Jim Phlew.
- The other vulnerabilities were found by members of the Drupal security team.

Contact
-------
The security contact for Drupal can be reached at security at drupal.org or
using the form at http://drupal.org/contact.


// Uwe Hermann, on behalf of the Drupal Security Team.
--
Uwe Hermann
http://www.hermann-uwe.de
http://www.it-services-uh.de | http://www.crazy-hacks.org
http://www.holsham-traders.de | http://www.unmaintained-free-software.org
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close