Detections
Analytics

Mandriva Linux Security Advisory : drupal (MDVSA-2015:181)

high Nessus Plugin ID 82456

Language:

Synopsis

The remote Mandriva Linux host is missing one or more security updates.

Description

Updated drupal packages fix security vulnerabilities :

An information disclosure vulnerability was discovered in Drupal before 7.27. When pages are cached for anonymous users, form state may leak between anonymous users. Sensitive or private information recorded for one anonymous user could thus be disclosed to other users interacting with the same form at the same time (CVE-2014-2983).

Multiple security issues in Drupal before 7.29, including a denial of service issue, an access bypass issue in the File module, and multiple cross-site scripting issues (CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022).

A denial of service issue exists in Drupal before 7.31, due to XML entity expansion in a publicly accessible XML-RPC endpoint.

A SQL Injection issue exists in Drupal before 7.32 due to the way the Drupal core handles prepared statements. A malicious user can inject arbitrary SQL queries, and thereby completely control the Drupal site.
This vulnerability can be exploited by remote attackers without any kind of authentication required (CVE-2014-3704).

Aaron Averill discovered that a specially crafted request can give a user access to another user's session, allowing an attacker to hijack a random session (CVE-2014-9015).

Michael Cullum, Javier Nieto and Andres Rojas Guerrero discovered that the password hashing API allows an attacker to send specially crafted requests resulting in CPU and memory exhaustion. This may lead to the site becoming unavailable or unresponsive (denial of service) (CVE-2014-9016). anonymous users (CVE-2014-9016).

Password reset URLs can be forged under certain circumstances, allowing an attacker to gain access to another user's account without knowing the account's password (CVE-2015-2559).

Under certain circumstances, malicious users can construct a URL that will trick users into being redirected to a 3rd party website, thereby exposing the users to potential social engineering attacks. In addition, several URL-related API functions in Drupal 6 and 7 can be tricked into passing through external URLs when not intending to, potentially leading to additional open redirect vulnerabilities (CVE-2015-2749, CVE-2015-2750).

The drupal package has been updated to version 7.35 to fix this issue and other bugs. See the upstream advisory and release notes for more details.

Solution

Update the affected packages.

See Also

http://advisories.mageia.org/MGASA-2014-0322.html

http://advisories.mageia.org/MGASA-2014-0329.html

http://advisories.mageia.org/MGASA-2014-0423.html

http://advisories.mageia.org/MGASA-2014-0492.html

http://advisories.mageia.org/MGASA-2015-0121.html

Plugin Details

Severity: High

ID: 82456

File Name: mandriva_MDVSA-2015-181.nasl

Version: 1.10

Type: local

Published: 3/31/2015

Updated: 1/14/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: High

Score: 7.4

CVSS v2

Risk Factor: High

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/o:mandriva:business_server:1, p-cpe:/a:mandriva:linux:drupal-postgresql, p-cpe:/a:mandriva:linux:drupal-mysql, p-cpe:/a:mandriva:linux:drupal, p-cpe:/a:mandriva:linux:drupal-sqlite

Required KB Items: Host/local_checks_enabled, Host/cpu, Host/Mandrake/release, Host/Mandrake/rpm-list

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 3/30/2015

Exploitable With

CANVAS (CANVAS)

Core Impact

Metasploit (Drupal HTTP Parameter Key/Value SQL Injection)

Elliot (Drupal core 7.x SQL Injection)

Reference Information

CVE: CVE-2014-2983, CVE-2014-3704, CVE-2014-5019, CVE-2014-5020, CVE-2014-5021, CVE-2014-5022, CVE-2014-9015, CVE-2014-9016, CVE-2015-2559, CVE-2015-2749, CVE-2015-2750

MDVSA: 2015:181