----------------------------------------------------------------------

Do you need accurate and reliable IDS / IPS / AV detection rules?

Get in-depth vulnerability details:
http://secunia.com/binary_analysis/sample_analysis/

----------------------------------------------------------------------

TITLE:
Drupal Multiple Modules Security Bypass Vulnerability

SECUNIA ADVISORY ID:
SA32195

VERIFY ADVISORY:
http://secunia.com/advisories/32195/

CRITICAL:
Moderately critical

IMPACT:
Security Bypass, Exposure of sensitive information

WHERE:
>From remote

SOFTWARE:
LiveJournal CrossPoster 6.x (module for Drupal)
http://secunia.com/advisories/product/20100/
Live 6.x (module for Drupal)
http://secunia.com/advisories/product/20093/
Keyboard shortcut utiilty 6.x (module for Drupal)
http://secunia.com/advisories/product/20098/
Creative Commons Lite 6.x (module for Drupal)
http://secunia.com/advisories/product/20097/
Banner Rotor 6.x (module for Drupal)
http://secunia.com/advisories/product/20096/
AJAX Picture Preview 6.x (module for Drupal)
http://secunia.com/advisories/product/20095/
Taxonomy import/export via XML 6.x (module for Drupal)
http://secunia.com/advisories/product/20102/

DESCRIPTION:
A vulnerability has been reported in various modules for Drupal,
which can be exploited by malicious people to bypass certain security
restrictions or disclose sensitive information.

The vulnerability is caused due to improper access restriction. This
can potentially be exploited to display unspecified data or to access
administrative functions without valid user credentials.

The vulnerability is reported in the following modules:

* Live prior to version 6.x-1.0
* AJAX Picture Preview prior to version 6.x-1.2
* Banner Rotor prior to version 6.x-1.3
* Creative Commons Lite prior to version 6.x-1.1
* Keyboard shortcut utiilty prior to version 6.x-1.1
* LiveJournal CrossPoster prior to version 6.x-1.4
* Taxonomy import/export via XML prior to version 6.x-1.2

SOLUTION:
Update to:

* Live version 6.x-1.0
* AJAX Picture Preview version 6.x-1.2
* Banner Rotor version 6.x-1.3
* Creative Commons Lite version 6.x-1.1
* Keyboard shortcut utiilty version 6.x-1.1
* LiveJournal CrossPoster version 6.x-1.4
* Taxonomy import/export via XML version 6.x-1.2

PROVIDED AND/OR DISCOVERED BY:
John Morahan and Peter Wolanin, Drupal security team

ORIGINAL ADVISORY:
DRUPAL-SA-2008-063:
http://drupal.org/node/318739

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/advisories/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/advisories/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------