Fedora 11 : drupal-views-6.x.2.6-1.fc11 (2009-6049)

This script is Copyright (C) 2009-2015 Tenable Network Security, Inc.


Synopsis :

The remote Fedora host is missing a security update.

Description :

- Advisory ID: DRUPAL-SA-CONTRIB-2009-037 [0] * Project:
Views * Versions: 6.x-2.x * Date: 2009-June-10 *
Security risk: Moderately critical * Exploitable from:
Remote * Vulnerability: Cross Site Scripting (XSS),
Access Bypass -------- DESCRIPTION
--------------------------------------------------------
- The Views module provides a flexible method for Drupal
site designers to control how lists of content are
presented. In the Views UI administrative interface when
configuring exposed filters, user input presented as
possible exposed filters is not correctly filtered,
potentially allowing malicious users to insert arbitrary
HTML and script code into these pages. In addition,
content entered by users with 'administer views'
permission into the View name when defining custom views
is subsequently displayed without being filtered. Such
cross site scripting [1] (XSS) attacks may lead to a
malicious user gaining full administrative access. An
access bypass may exist where unpublished content owned
by the anonymous user (e.g. content created by a user
whose account was later deleted) is visible to any
anonymous user there is a view already configured to
show it incorrectly. An additional access bypass may
occur because Views may generate queries which
disrespect node access control. Users may be able to
access private content if they have permission to see
the resulting View. -------- VERSIONS AFFECTED
--------------------------------------------------- *
Versions of Views for Drupal 6.x prior to 6.x-2.6 Drupal
core is not affected. If you do not use the Views
module, there is nothing you need to do. --------
SOLUTION
--------------------------------------------------------
---- Install the latest version. * If you use Views for
Drupal 6.x upgrade to 6.x-2.6 [2] In addition,
preventing the node access bypass may require adding
*node: access filters* to the View manually if using
relationships to nodes that might be restricted. Also
see the Views project page [3]. -------- REPORTED BY
--------------------------------------------------------
- * The exposed filters XSS was reported by Derek Wright
(dww [4]) of the Drupal Security Team [5] * The XSS from
the view name was reported by Justin Klein Keane
(Justin_KleinKeane [6]) * The unpublished content access
bypass was reported by Brandon Bergren (bdragon [7]) *
The node access query bypass was reported by Moshe
Weitzman (moshe weitzman [8]) of the Drupal Security
Team [9] -------- FIXED BY
--------------------------------------------------------
---- Earl Miles (merlinofchaos [10]) Views project
maintainer. -------- CONTACT
--------------------------------------------------------
----- The security contact for Drupal can be reached at
security at drupal.org or via the form at
http://drupal.org/contact and by selecting the security
issues category. [0] http://drupal.org/node/488068 [1]
http://en.wikipedia.org/wiki/Cross-site_scripting [2]
http://drupal.org/node/488082 [3]
http://drupal.org/project/views [4]
http://drupal.org/user/46549 [5]
http://drupal.org/security-team [6]
http://drupal.org/user/302225 [7]
http://drupal.org/user/53081 [8]
http://drupal.org/user/23 [9]
http://drupal.org/security-team [10]
http://drupal.org/user/26979

Note that Tenable Network Security has extracted the preceding
description block directly from the Fedora security advisory. Tenable
has attempted to automatically clean and format it as much as possible
without introducing additional issues.

See also :

http://drupal.org/node/488068
http://drupal.org/node/488082
http://drupal.org/project/views
http://en.wikipedia.org/wiki/Cross-site_scripting
http://www.nessus.org/u?7483a5bc

Solution :

Update the affected drupal-views package.

Risk factor :

Medium / CVSS Base Score : 6.4
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:N)
CVSS Temporal Score : 5.6
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Fedora Local Security Checks

Nessus Plugin ID: 39399 (fedora_2009-6049.nasl)

Bugtraq ID: 35304

CVE ID:

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now