Mandriva Linux Security Advisory : drupal (MDVSA-2015:181)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing one or more security
updates.

Description :

Updated drupal packages fix security vulnerabilities :

An information disclosure vulnerability was discovered in Drupal
before 7.27. When pages are cached for anonymous users, form state may
leak between anonymous users. Sensitive or private information
recorded for one anonymous user could thus be disclosed to other users
interacting with the same form at the same time (CVE-2014-2983).

Multiple security issues exist in Drupal before 7.29, including a
denial of service issue, an access bypass issue in the File module,
and multiple cross-site scripting issues (CVE-2014-5019,
CVE-2014-5020, CVE-2014-5021, CVE-2014-5022).

A denial of service issue exists in Drupal before 7.31, due to XML
entity expansion in a publicly accessible XML-RPC endpoint.

A SQL injection issue exists in Drupal before 7.32 due to the way the
Drupal core handles prepared statements. A malicious user can inject
arbitrary SQL queries, and thereby completely control the Drupal site.
This vulnerability can be exploited by remote attackers without any
authentication (CVE-2014-3704).

Aaron Averill discovered that a specially crafted request can give a
user access to another user's session, allowing an attacker to hijack
a random session (CVE-2014-9015).

Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that
the password hashing API allows an attacker to send specially crafted
requests resulting in CPU and memory exhaustion. This may lead to the
site becoming unavailable or unresponsive (denial of service)
(CVE-2014-9016).

Password reset URLs can be forged under certain circumstances,
allowing an attacker to gain access to another user's account without
knowing the account's password (CVE-2015-2559).

Under certain circumstances, malicious users can construct a URL that
will trick users into being redirected to a third-party website,
thereby exposing the users to potential social engineering attacks. In
addition, several URL-related API functions in Drupal 6 and 7 can be
tricked into passing through external URLs when this is not intended,
potentially leading to additional open redirect vulnerabilities
(CVE-2015-2749, CVE-2015-2750).

The drupal package has been updated to version 7.35 to fix these
issues and other bugs. See the upstream advisory and release notes for
more details.

See also :

http://advisories.mageia.org/MGASA-2014-0322.html
http://advisories.mageia.org/MGASA-2014-0329.html
http://advisories.mageia.org/MGASA-2014-0423.html
http://advisories.mageia.org/MGASA-2014-0492.html
http://advisories.mageia.org/MGASA-2015-0121.html

Solution :

Update the affected packages.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
Public Exploit Available : true
