Secunia Security Advisory - A security issue has been reported in the FileField module for Drupal, which potentially can be exploited by malicious users to compromise a vulnerable system.
ce57f97134a69f06ef28626ecc14d19a6ff6ecfd1c689bcba4646c0774898b4d
----------------------------------------------------------------------
Looking for a job?
Secunia is hiring skilled researchers and talented developers.
http://secunia.com/company/jobs/
----------------------------------------------------------------------
TITLE:
Drupal FileField Module Arbitrary File Upload Security Issue
SECUNIA ADVISORY ID:
SA39660
VERIFY ADVISORY:
http://secunia.com/advisories/39660/
DESCRIPTION:
A security issue has been reported in the FileField module for
Drupal, which potentially can be exploited by malicious users to
compromise a vulnerable system.
The security issue exists due to improper creation of a default
extension for a new file field when the field configuration page is
not saved and can be exploited to upload arbitrary files to a
directory inside the webroot.
Successful exploitation may allow execution of arbitrary PHP code but
requires "create" or "edit" permission for the file field.
The security issue is reported in versions prior to 6.x-3.3.
SOLUTION:
Update to version 6.x-3.3 or later.
PROVIDED AND/OR DISCOVERED BY:
The vendor credits David Rothstein of the Drupal Security Team
ORIGINAL ADVISORY:
SA-CONTRIB-2010-040:
http://drupal.org/node/791050
----------------------------------------------------------------------
About:
This Advisory was delivered by Secunia as a free service to help
private users keeping their systems up to date against the latest
vulnerabilities.
Subscribe:
http://secunia.com/advisories/secunia_security_advisories/
Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/
Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.
----------------------------------------------------------------------