-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

________________________________________________________________________

OpenPKG Security Advisory                                   OpenPKG GmbH
http://www.openpkg.org/security/                      http://openpkg.com
OpenPKG-SA-2006.025                                           2006-10-20
________________________________________________________________________

Package:             drupal
Vulnerability:       cross-site scripting, privilege escalation
OpenPKG Specific:    no

Affected Series:     Affected Packages:          Corrected Packages:
1.0-ENTERPRISE       n.a.                        >= drupal-4.7.4-E1.0.0
2-STABLE-20060622    <= drupal-4.7.3-2.20061018  >= drupal-4.7.4-2.20061019
2-STABLE             <= drupal-4.7.3-2.20061018  >= drupal-4.7.4-2.20061019
CURRENT              <= drupal-4.7.3-20061016    >= drupal-4.7.4-20061019

Description:
  According to vendor security advisories [2][3][4], multiple
  vulnerabilities exist in the Drupal content management platform [1]:

  A bug in input validation and lack of output validation allows HTML
  and script insertion on several pages. In addition, Drupal's XML
  parser passes unescaped data to watchdog under certain circumstances.
  A malicious user may execute an XSS attack via a specially crafted
  RSS feed. Additionally, the aggregator module, profile module, and
  forum module do not properly escape output of certain fields. [2]

  Visiting a specially crafted page, anywhere on the web, may allow
  that page to post forms to a Drupal site in the context of the
  visitor's session. An attacker can exploit this vulnerability by
  changing passwords, posting PHP code or creating new users, for
  example. The attack is limited only by the privileges of the session
  it executes in. [3]

  A malicious user may entice users to visit a specially crafted URL
  that may result in the redirection of Drupal form submission to a
  third-party site. A user visiting the user registration page via such
  a URL, for example, will submit all data, such as the e-mail address,
  but possibly also private profile data, to a third-party site [4].
________________________________________________________________________

References:
  [1] http://drupal.org/
  [2] http://drupal.org/node/88826
  [3] http://drupal.org/node/88828
  [4] http://drupal.org/node/88829
________________________________________________________________________

For security reasons, this advisory was digitally signed with the
OpenPGP public key "OpenPKG <[EMAIL PROTECTED]>" (ID 63C4CB9F) which
you can retrieve from http://www.openpkg.org/openpkg.pgp. Follow the
instructions on http://www.openpkg.org/security/signatures/ for details
on how to verify the integrity of this advisory.
________________________________________________________________________

-----BEGIN PGP SIGNATURE-----
Comment: OpenPKG <[EMAIL PROTECTED]>

iD8DBQFFOG1HgHWT4GPEy58RAlCZAKCn9GhVEUZDhYcCXv9kIXS/1GZFNwCg3NAX
iB8bdpsey7szZjBFBNCPajw=
=hNkE
-----END PGP SIGNATURE-----
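
An added example, not part of the advisory and not Drupal's code: the first issue described above (fields from an RSS feed reaching HTML pages and the watchdog log unescaped) shown as an unescaped renderer beside an escaping one, in Python rather than Drupal's PHP. The feed, the function names and the HTML templates are constructed for illustration.

```python
import html
import xml.etree.ElementTree as ET

# Constructed sample feed: title and description carry markup, as an
# untrusted feed publisher could supply it.
SAMPLE_FEED = """<?xml version="1.0"?>
<rss version="2.0"><channel><title>Example feed</title>
<item>
  <title>Release notes &lt;script&gt;alert(1)&lt;/script&gt;</title>
  <description>Fixes &lt;img src=x onerror=alert(1)&gt; bugs</description>
</item>
</channel></rss>"""


def parse_items(feed_xml):
    """Return (title, description) text for each <item>. The XML parser
    decodes entities, so the returned strings contain live markup."""
    root = ET.fromstring(feed_xml)
    return [(item.findtext("title", ""), item.findtext("description", ""))
            for item in root.iter("item")]


def render_item_unsafe(title, description):
    """The flawed pattern: feed text interpolated into HTML as-is."""
    return "<h3>%s</h3><p>%s</p>" % (title, description)


def render_item(title, description):
    """Hardened form: every feed-derived field is escaped at output."""
    return "<h3>%s</h3><p>%s</p>" % (html.escape(title),
                                     html.escape(description))


def render_log_row(message):
    """Log messages that echo feed data are escaped when the log page
    is rendered, so they cannot inject markup into the admin view."""
    return "<td>%s</td>" % html.escape(message)


if __name__ == "__main__":
    for title, description in parse_items(SAMPLE_FEED):
        print("unsafe:", render_item_unsafe(title, description))
        print("safe:  ", render_item(title, description))
        print("log:   ", render_log_row("feed item rejected: " + title))
```
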