Mandriva Linux Security Advisory : drupal (MDVSA-2014:031)

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Multiple security issues were identified and fixed in drupal :

The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows
remote OpenID users to authenticate as other users via unspecified
vectors (CVE-2014-1475).

The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an
earlier version of Drupal, does not properly restrict access to
unpublished content, which allows remote authenticated users to obtain
sensitive information via a listing page (CVE-2014-1476).

The updated packages have been upgraded to version 7.26, which is
unaffected by these security flaws.

See also :

https://drupal.org/SA-CORE-2014-001

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 72529

Bugtraq ID: 64973

CVE ID: CVE-2014-1475, CVE-2014-1476
