*** This bug is a security vulnerability ***
Public security bug reported:
Multiple vulnerabities and weaknesses were discovered in Drupal. Neither of
these are readily exploitable.
Cross site scripting
Free tagging taxonomy terms can be used to insert arbitrary script and
HTML code (cross site scripting or XSS) on node preview pages. A
successful exploit requires that the victim selects a term containing
script code and chooses to preview the node. This issue affects Drupal
6.x only.
Some values from OpenID providers are output without being properly
escaped, allowing malicious providers to insert arbitrary script and
HTML code (XSS) into user pages. This issue affects Drupal 6.x only.
filter_xss_admin() has been hardened to prevent use of the object HTML tag in
administrator input.
Cross site request forgeries
Translated strings (5.x, 6.x) and OpenID identities (6.x) are immediately
deleted upon accessing a properly formatted URL, making such deletion
vulnerable to cross site request forgeries (CSRF). This may lead to unintended
deletion of translated strings or OpenID identities when a sufficiently
privileged user visits a page or site created by a malicious person.
Session fixation
When contributed modules such as Workflow NG terminate the current request
during a login event, user module is not able to regenerate the user's session.
This may lead to a session fixation attack, when a malicious user is able to
control another users' initial session ID. As the session is not regenerated,
the malicious user may use the 'fixed' session ID after the victim
authenticates and will have the same access. This issue affects both Drupal 5
and Drupal 6.
SQL injection
Schema API uses an inappropriate placeholder for 'numeric' fields enabling SQL
injection when user-supplied data is used for such fields.This issue affects
Drupal 6 only.
Versions affected
* Drupal 5.x before version 5.8
* Drupal 6.x before version 6.3
** Affects: drupal5 (Ubuntu)
Importance: Medium
Assignee: Emanuele Gentili (emgent)
Status: Fix Released
** Affects: drupal5 (Ubuntu Hardy)
Importance: Medium
Assignee: Emanuele Gentili (emgent)
Status: In Progress
** Affects: drupal5 (Ubuntu Intrepid)
Importance: Medium
Assignee: Emanuele Gentili (emgent)
Status: Fix Released
** Affects: drupal5 (Debian)
Importance: Unknown
Status: Fix Released
** Visibility changed to: Public
--
SA-2008-044 - Drupal core - Multiple vulnerabilities
https://bugs.launchpad.net/bugs/249653
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
