FreeBSD : drupal -- multiple vulnerabilities (ecedde1c-5128-11dd-a4e1-0030843d3802)

This script is Copyright (C) 2008-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Drupal Project reports :

Free tagging taxonomy terms can be used to insert arbitrary script and
HTML code (cross site scripting or XSS) on node preview pages. A
successful exploit requires that the victim selects a term containing
script code and chooses to preview the node. This issue affects Drupal
6.x only. Some values from OpenID providers are output without being
properly escaped, allowing malicious providers to insert arbitrary
script and HTML code (XSS) into user pages. This issue affects Drupal
6.x only. filter_xss_admin() has been hardened to prevent use of the
object HTML tag in administrator input.

Translated strings (5.x, 6.x) and OpenID identities (6.x) are
immediately deleted upon accessing a properly formatted URL, making
such deletion vulnerable to cross site request forgeries (CSRF). This
may lead to unintended deletion of translated strings or OpenID
identities when a sufficiently privileged user visits a page or site
created by a malicious person.

When contributed modules such as Workflow NG terminate the current
request during a login event, user module is not able to regenerate
the user's session. This may lead to a session fixation attack, when a
malicious user is able to control another users' initial session ID.
As the session is not regenerated, the malicious user may use the
'fixed' session ID after the victim authenticates and will have the
same access. This issue affects both Drupal 5 and Drupal 6.

Schema API uses an inappropriate placeholder for 'numeric' fields
enabling SQL injection when user-supplied data is used for such
fields.This issue affects Drupal 6 only.

See also :

http://drupal.org/node/280571
http://www.nessus.org/u?753da129

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 4.3
(CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 33493 (freebsd_pkg_ecedde1c512811dda4e10030843d3802.nasl)

Bugtraq ID:

CVE ID: CVE-2008-3218
CVE-2008-3221

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now