Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 201478

Summary: www-apps/drupal < 5.4 "taxonomy_select_nodes()" SQL Injection
Product: Gentoo Security Reporter: Lars Hartmann <lars>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: uberlord
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://secunia.com/advisories/27932/
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description Lars Hartmann 2007-12-06 12:51:58 UTC 
A vulnerability has been reported in Drupal, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the "taxonomy_select_nodes()" function is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation requires that a module that passes unsanitised data to "taxonomy_select_nodes()" is installed. Some of these modules are:
* taxonomy_menu
* ajaxLoader
* ubrowser

Solution:
Update to version 5.4.

Reproducible: Always
Comment 1 Lars Hartmann 2007-12-06 13:13:31 UTC 
maintainers - please provide an updated ebuild
Comment 2 Gunnar Wrobel (RETIRED) gentoo-dev 2007-12-06 13:42:16 UTC 
Adding Roy since he is the primary maintainer.
Comment 3 Roy Marples (RETIRED) gentoo-dev 2007-12-06 14:03:50 UTC 
I retired :P
Comment 4 Gunnar Wrobel (RETIRED) gentoo-dev 2007-12-06 14:17:56 UTC 
Ah, okay. I was already wondering why uberlord@gentoo.org didn't work. But I believed our dev list which obviously didn't get updated yet. Thanks for the note. Will take it then.
Comment 5 Gunnar Wrobel (RETIRED) gentoo-dev 2007-12-06 14:41:24 UTC 
drupal-5.4 is in the tree.

The ebuild is unstable on all arches.

The insecure versions were removed.

webapps done here.
Comment 6 Pierre-Yves Rofes (RETIRED) gentoo-dev 2007-12-06 15:16:50 UTC 
thanks, closing withoug glsa.