DRUPAL-SA-2007-005.txt

DRUPAL-SA-2007-005.txt: Posted Jan 31, 2007; Authored by Uwe Hermann | Site drupal.org; Drupal security advisory - Previews on comments were not passed through normal form validation routines, enabling users with the 'post comments' permission and access to more than one input filter to execute arbitrary code. Affected include Drupal 4.7.x versions before Drupal 4.7.6 and Drupal 5.x versions before Drupal 5.1.; tags | advisory, arbitrary; SHA-256 | 2e86ad7cf732e48c2e546b4432795c4809c57b8a13758652be4bc9714527a906; Download | Favorite | View

DRUPAL-SA-2007-005.txt

----------------------------------------------------------------------------
Drupal security advisory                                  DRUPAL-SA-2007-005
----------------------------------------------------------------------------
Project:          Drupal core
Version:          4.7.x, 5.x
Date:             2007-Jan-29 
Security risk:    Highy critical
Exploitable from: Remote
Vulnerability:    Arbitrary code execution
----------------------------------------------------------------------------
 
Description
-----------
Previews on comments were not passed through normal form validation routines,
enabling users with the 'post comments' permission and access to more than
one input filter to execute arbitrary code. By default, anonymous and
authenticated users have access to only one input format.

Immediate workarounds include: disabling the comment module, revoking the
'post comments' permission for all users or limiting access to one input
format.
 
Versions affected
-----------------
- Drupal 4.7.x versions before Drupal 4.7.6
- Drupal 5.x versions before Drupal 5.1

Solution
--------
- If you are running Drupal 4.7.x then upgrade to Drupal 4.7.6.
   http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.7.6.tar.gz
- If you are running Drupal 5.x then upgrade to Drupal 5.1.
   http://ftp.osuosl.org/pub/drupal/files/projects/drupal-5.1.tar.gz

- To patch Drupal 4.7.5 use 
    http://drupal.org/files/sa-2007-005/SA-2007-005-4.7.5.patch.
- To patch Drupal 5.0 use 
    http://drupal.org/files/sa-2007-005/SA-2007-005-5.0.patch.

Please note that the patches only contain changes related to this advisory,
and do not fix bugs that were solved in 4.7.6 or 5.1.

Reported by
-----------
The Drupal security team.

Contact
-------
The security contact for Drupal can be reached at security at drupal.org
or using the form at http://drupal.org/contact.


// Uwe Hermann, on behalf of the Drupal Security Team.
-- 
http://www.hermann-uwe.de  | http://www.holsham-traders.de
http://www.crazy-hacks.org | http://www.unmaintained-free-software.org

Top Authors In Last 30 Days

Red Hat 219 files
indoushka 83 files
Ubuntu 79 files
Gentoo 36 files
Jasper Nota 25 files
Willem Westerhof 19 files
Debian 18 files
Jim Blankendaal 11 files
Martijn Baalman 9 files
Apple 9 files

File Archives

Systems

AIX (429)
Apple (2,099)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,096)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,567)
HPUX (880)
iOS (378)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,707)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,485)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,737)
UNIX (9,435)
UnixWare (187)
Windows (6,672)
Other

DRUPAL-SA-2007-005.txt

DRUPAL-SA-2007-005.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

DRUPAL-SA-2007-005.txt

Share This

DRUPAL-SA-2007-005.txt

File Archive:

August 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems