FreeBSD : drupal -- multiple vulnerabilities (6779e82f-b60b-11da-913d-000ae42e9b93)

This script is Copyright (C) 2006-2013 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Drupal reports :

Mail header injection vulnerability.

Linefeeds and carriage returns were not being stripped from email
headers, raising the possibility of bogus headers being inserted into
outgoing email.

This could lead to Drupal sites being used to send unwanted email.

Session fixation vulnerability.

If someone creates a clever enough URL and convinces you to click on
it, and you later log in but you do not log off then the attacker may
be able to impersonate you.

XSS vulnerabilities.

Some user input sanity checking was missing. This could lead to
possible cross-site scripting (XSS) attacks.

XSS can lead to user tracking and theft of accounts and services.

Security bypass in menu.module.

If you use menu.module to create a menu item, the page you point to
will be accessible to all, even if it is an admin page.

See also :

http://drupal.org/node/53806
http://drupal.org/node/53805
http://drupal.org/node/53803
http://drupal.org/node/53796
http://www.nessus.org/u?03606ef9

Solution :

Update the affected package.

Risk factor :

High

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 21444 (freebsd_pkg_6779e82fb60b11da913d000ae42e9b93.nasl)

Bugtraq ID:

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now