Family: Debian Local Security Checks --> Category: infos
[DSA958] DSA-958-1 drupal Vulnerability Scan
Vulnerability Scan Summary
Detailed Explanation for this Vulnerability Test
Several security related problems have been discovered in drupal, a
fully-featured content management/discussion engine. The Common
Vulnerabilities and Exposures project identifies the following
Several cross-site scripting vulnerabilities allow remote
attackers to inject arbitrary web script or HTML.
When running on PHP5, Drupal does not correctly enforce user
rights, which allows remote attackers to bypass the "access
user profiles" permission.
An interpretation conflict allows remote authenticated users to
inject arbitrary web script or HTML via HTML in a file with a GIF
or JPEG file extension.
The old stable distribution (woody) does not contain drupal packages.
For the stable distribution (sarge) these problems have been fixed in
For the unstable distribution (sid) these problems have been fixed in
We recommend that you upgrade your drupal package.
Solution : http://www.debian.org/security/2006/dsa-958
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.