Detections
Analytics
Debian DSA-2016-1 : drupal6 - several vulnerabilities
high Nessus Plugin ID 45057
Language:
Synopsis
The remote Debian host is missing a security-related update.Description
Several vulnerabilities (SA-CORE-2010-001) have been discovered in drupal6, a fully-featured content management framework.Installation cross site scripting
A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites not yet installed.
Open redirection
The API function drupal_goto() is susceptible to a phishing attack. An attacker could formulate a redirect in a way that gets the Drupal site to send the user to an arbitrarily provided URL. No user submitted data will be sent to that URL.
Locale module cross site scripting
Locale module and dependent contributed modules do not sanitize the display of language codes, native and English language names properly.
While these usually come from a preselected list, arbitrary administrator input is allowed. This vulnerability is mitigated by the fact that the attacker must have a role with the 'administer languages' permission.
Blocked user session regeneration
Under certain circumstances, a user with an open session that is blocked can maintain his/her session on the Drupal site, despite being blocked.
Solution
Upgrade the drupal6 package.For the stable distribution (lenny), these problems have been fixed in version 6.6-3lenny5.
See Also
Plugin Details
Severity: High
ID: 45057
File Name: debian_DSA-2016.nasl
Version: 1.9
Type: local
Agent: unix
Family: Debian Local Security Checks
Published: 3/15/2010
Updated: 1/4/2021
Supported Sensors: Frictionless Assessment Agent, Nessus Agent, Agentless Assessment, Nessus
Vulnerability Information
CPE: p-cpe:/a:debian:debian_linux:drupal6, cpe:/o:debian:debian_linux:5.0
Required KB Items: Host/local_checks_enabled, Host/Debian/release, Host/Debian/dpkg-l
Patch Publication Date: 3/13/2010
Reference Information
DSA: 2016