Detections
Analytics
FreeBSD : drupal -- multiple vulnerabilities (bad1b090-a7ca-11de-873f-0030843d3802)
high Nessus Plugin ID 41047
Synopsis
The remote FreeBSD host is missing one or more security-related updates.Description
Drupal Team reports :The core OpenID module does not correctly implement Form API for the form that allows one to link user accounts with OpenID identifiers. A malicious user is therefore able to use cross site request forgeries to add attacker controlled OpenID identities to existing accounts.
These OpenID identities can then be used to gain access to the affected accounts.
The OpenID module is not a compliant implementation of the OpenID Authentication 2.0 specification. An implementation error allows a user to access the account of another user when they share the same OpenID 2.0 provider.
File uploads with certain extensions are not correctly processed by the File API. This may lead to the creation of files that are executable by Apache. The .htaccess that is saved into the files directory by Drupal should normally prevent execution. The files are only executable when the server is configured to ignore the directives in the .htaccess file.
Drupal doesn't regenerate the session ID when an anonymous user follows the one time login link used to confirm email addresses and reset forgotten passwords. This enables a malicious user to fix and reuse the session id of a victim under certain circumstances.
Solution
Update the affected packages.See Also
Plugin Details
Severity: High
ID: 41047
File Name: freebsd_pkg_bad1b090a7ca11de873f0030843d3802.nasl
Version: 1.10
Type: local
Family: FreeBSD Local Security Checks
Published: 9/23/2009
Updated: 1/6/2021
Supported Sensors: Nessus
Vulnerability Information
CPE: p-cpe:/a:freebsd:freebsd:drupal5, p-cpe:/a:freebsd:freebsd:drupal6, cpe:/o:freebsd:freebsd
Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info
Patch Publication Date: 9/22/2009
Vulnerability Publication Date: 9/17/2009