Mandriva Linux Security Advisory : drupal (MDVSA-2015:181)

high Nessus Plugin ID 82456

Language:

New! Vulnerability Priority Rating (VPR)

Tenable calculates a dynamic VPR for every vulnerability. VPR combines vulnerability information with threat intelligence and machine learning algorithms to predict which vulnerabilities are most likely to be exploited in attacks. Read more about what VPR is and how it is different from CVSS.

VPR Score: 8.4

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated drupal packages fix security vulnerabilities :

An information disclosure vulnerability was discovered in Drupal before 7.27. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time (CVE-2014-2983).

Multiple security issues in Drupal before 7.29, including a denial of service issue, an access bypass issue in the File module, and multiple cross-site scripting issues (CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022).

A denial of service issue exists in Drupal before 7.31, due to XML entity expansion in a publicly accessible XML-RPC endpoint.

A SQL Injection issue exists in Drupal before 7.32 due to the way the Drupal core handles prepared statements. A malicious user can inject arbitrary SQL queries, and thereby completely control the Drupal site.
This vulnerability can be exploited by remote attackers without any kind of authentication required (CVE-2014-3704).

Aaron Averill discovered that a specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session (CVE-2014-9015).

Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the password hashing API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service) (CVE-2014-9016). anonymous users (CVE-2014-9016).

Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password (CVE-2015-2559).

Under certain circumstances, malicious users can construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. In addition, several URL-related API functions in Drupal 6 and 7 can be tricked into passing through external URLs when not intending to, potentially leading to additional open redirect vulnerabilities (CVE-2015-2749, CVE-2015-2750).

The drupal package has been updated to version 7.35 to fix this issue and other bugs. See the upstream advisory and release notes for more details.

Solution

Update the affected packages.

Plugin Details

Severity: High

ID: 82456

File Name: mandriva_MDVSA-2015-181.nasl

Version: 1.10

Type: local

Family: Mandriva Local Security Checks

Published: 3/31/2015

Updated: 1/14/2021

Dependencies: 12634

Risk Information

Risk Factor: High

VPR Score: 8.4

CVSS v2.0

Base Score: 7.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: p-cpe:/a:mandriva:linux:drupal, p-cpe:/a:mandriva:linux:drupal-mysql, p-cpe:/a:mandriva:linux:drupal-postgresql, p-cpe:/a:mandriva:linux:drupal-sqlite, cpe:/o:mandriva:business_server:1

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/30/2015

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Drupal HTTP Parameter Key/Value SQL Injection)

Elliot (Drupal core 7.x SQL Injection)

Reference Information

CVE: CVE-2014-2983, CVE-2014-3704, CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022, CVE-2014-9015, CVE-2014-9016, CVE-2015-2559, CVE-2015-2749, CVE-2015-2750

MDVSA: 2015:181