Detections
Analytics

FreeBSD : drupal -- multiple vulnerabilities (b3531fe1-2b03-11df-b6db-00248c9b4be7)

high Nessus Plugin ID 45009

Language:

Synopsis

The remote FreeBSD host is missing one or more security-related updates.

Description

Drupal Team reports :

A user-supplied value is directly output during installation allowing a malicious user to craft a URL and perform a cross-site scripting attack. The exploit can only be conducted on sites not yet installed.

The API function drupal_goto() is susceptible to a phishing attack. An attacker could formulate a redirect in a way that gets the Drupal site to send the user to an arbitrarily provided URL. No user submitted data will be sent to that URL.

Locale module and dependent contributed modules do not sanitize the display of language codes, native and English language names properly.
While these usually come from a preselected list, arbitrary administrator input is allowed. This vulnerability is mitigated by the fact that the attacker must have a role with the 'administer languages' permission.

Under certain circumstances, a user with an open session that is blocked can maintain his/her session on the Drupal site, despite being blocked.

Solution

Update the affected packages.

See Also

http://drupal.org/node/731710

http://www.nessus.org/u?77130755

Plugin Details

Severity: High

ID: 45009

File Name: freebsd_pkg_b3531fe12b0311dfb6db00248c9b4be7.nasl

Version: 1.8

Type: local

Published: 3/9/2010

Updated: 1/6/2021

Supported Sensors: Nessus

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:drupal5, p-cpe:/a:freebsd:freebsd:drupal6, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Patch Publication Date: 3/8/2010

Vulnerability Publication Date: 3/3/2010