FreeBSD : Drupal Code -- Multiple Vulnerabilities (8db24888-b2f5-11e6-8153-00248c0c745d)

This script is Copyright (C) 2016-2017 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing one or more security-related
updates.

Description :

The Drupal development team reports : Inconsistent name for term
access query (Less critical - Drupal 7 and Drupal 8) Drupal provides a
mechanism to alter database SELECT queries before they are executed.
Contributed and custom modules may use this mechanism to restrict
access to certain entities by implementing hook_query_alter() or
hook_query_TAG_alter() in order to add additional conditions. Queries
can be distinguished by means of query tags. As the documentation on
EntityFieldQuery::addTag() suggests, access-tags on entity queries
normally follow the form ENTITY_TYPE_access (e.g. node_access).
However, the taxonomy module's access query tag predated this system
and used term_access as the query tag instead of taxonomy_term_access.

As a result, before this security release modules wishing to restrict
access to taxonomy terms may have implemented an unsupported tag, or
needed to look for both tags (term_access and taxonomy_term_access) in
order to be compatible with queries generated both by Drupal core as
well as those generated by contributed modules like Entity Reference.
Otherwise information on taxonomy terms might have been disclosed to
unprivileged users.

Incorrect cache context on password reset page (Less critical - Drupal
8) The user password reset form does not specify a proper cache
context, which can lead to cache poisoning and unwanted content on the
page. Confirmation forms allow external URLs to be injected
(Moderately critical - Drupal 7) Under certain circumstances,
malicious users could construct a URL to a confirmation form that
would trick users into being redirected to a 3rd party website after
interacting with the form, thereby exposing the users to potential
social engineering attacks. Denial of service via transliterate
mechanism (Moderately critical - Drupal 8) A specially crafted URL can
cause a denial of service via the transliterate mechanism.

See also :

http://www.nessus.org/u?5d6d8dd3

Solution :

Update the affected packages.

Risk factor :

Medium / CVSS Base Score : 5.0
(CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N)

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 95365 ()

Bugtraq ID:

CVE ID: CVE-2016-9449
CVE-2016-9450
CVE-2016-9451
CVE-2016-9452

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now