---------------------------------------------------------------------- Want a new job? http://secunia.com/secunia_security_specialist/ http://secunia.com/hardcore_disassembler_and_reverse_engineer/ International Partner Manager - Project Sales in the IT-Security Industry: http://corporate.secunia.com/about_secunia/64/ ---------------------------------------------------------------------- TITLE: Drupal Multiple Vulnerabilities SECUNIA ADVISORY ID: SA31028 VERIFY ADVISORY: http://secunia.com/advisories/31028/ CRITICAL: Moderately critical IMPACT: Hijacking, Cross Site Scripting, Manipulation of data WHERE: >From remote SOFTWARE: Drupal 5.x http://secunia.com/product/13378/ Drupal 6.x http://secunia.com/product/17839/ DESCRIPTION: Some vulnerabilities have been reported in Drupal, which can be exploited by malicious people to conduct cross-site scripting, cross-site request forgery, session fixation, SQL injection, and script insertion attacks. 1) Certain input passed via taxonomy terms is not properly sanitised before being used. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when a user selects a term and previews the node. 2) Certain input passed from OpenID providers is not properly sanitised before being returned to a user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site. These vulnerabilities reportedly affected version 6.x only. 3) The application allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited to e.g. delete OpenID identities or translation strings by enticing a logged-in user to visit a malicious site. 4) An error in the handling of certain sessions can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link. 5) Certain input passed to numeric fields in the Schema API is not properly sanitised before being used in an SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. The vulnerabilities are reported in version 5.x and 6.x. SOLUTION: Update to the latest versions or apply patch for version 5.7 or 6.2. Drupal 5.x: Update to version 5.8. http://ftp.drupal.org/files/projects/drupal-5.8.tar.gz Drupal 6.x Update to version 6.3. http://ftp.drupal.org/files/projects/drupal-6.3.tar.gz Drupal 5.7: Apply patch. http://drupal.org/files/sa-2008-044/SA-2008-044-5.7.patch Drupal 6.2: Apply patch. http://drupal.org/files/sa-2008-044/SA-2008-044-6.2.patch PROVIDED AND/OR DISCOVERED BY: The vendor credits Erich C. Beyrent, John Morahan, Peter Wolanin (Drupal security team), Neil Drumm (Drupal security team), and Heine Deelstra (Drupal security team). ORIGINAL ADVISORY: http://drupal.org/node/280571 ---------------------------------------------------------------------- About: This Advisory was delivered by Secunia as a free service to help everybody keeping their systems up to date against the latest vulnerabilities. Subscribe: http://secunia.com/secunia_security_advisories/ Definitions: (Criticality, Where etc.) http://secunia.com/about_secunia_advisories/ Please Note: Secunia recommends that you verify all advisories you receive by clicking the link. Secunia NEVER sends attached files with advisories. Secunia does not advise people to install third party patches, only use those supplied by the vendor. ---------------------------------------------------------------------- Unsubscribe: Secunia Security Advisories http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org ----------------------------------------------------------------------