Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 186884

Summary: www-apps/drupal < 5.2 multiple XSS
Product: Gentoo Security Reporter: Pierre-Yves Rofes (RETIRED) <py>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: mjf, uberlord, web-apps
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/26224/
Whiteboard: ~4 [noglsa] p-y
Package list:
Runtime testing required: ---

Description Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-28 12:11:39 UTC 
Some vulnerabilities have been reported in Drupal, which can be exploited by malicious users to conduct cross-site scripting attacks and by malicious people to conduct cross-site request forgery attacks.

1) Drupal does not correctly use the Forms API and allows users to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited e.g. to delete comments or content revisions and disable menu items by enticing a logged-in user to visit a malicious site.

The vulnerabilities are reported in Drupal 5.x prior to 5.2.

2) Certain server variables are not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Successful exploitation requires "administer content types" privileges.

The vulnerabilities are reported in Drupal 4.7.x prior to 4.7.7 and Drupal 5.x prior to Drupal 5.2

Solution:
Update to version 4.7.7 and 5.2 or apply patches.
Comment 1 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-28 12:13:39 UTC 
setting status / cc'ing maintainer. Uberlord, please bump as necessary.
Comment 2 Roy Marples (RETIRED) gentoo-dev 2007-07-28 12:28:25 UTC 
drupal-5.2 ebuild in portage
Comment 3 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-07-28 12:34:44 UTC 
great, that's what I call reactivity :)
closing without glsa then.
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2007-07-30 18:58:22 UTC 
*** Bug 187162 has been marked as a duplicate of this bug. ***