|
Family: Debian Local Security Checks --> Category: infos
[DSA1007] DSA-1007-1 drupal Vulnerability Scan
Vulnerability Scan Summary DSA-1007-1 drupal
Detailed Explanation for this Vulnerability Test
The Drupal Security Team discovered several vulnerabilities in Drupal,
a fully-featured content management and discussion engine. The Common
Vulnerabilities and Exposures project identifies the following
problems:
Due to missing input sanitising a remote attacker could inject
headers of outgoing e-mail messages and use Drupal as a spam
proxy.
Missing input sanity checks allows attackers to inject arbitrary
web script or HTML.
Menu items created with the menu.module lacked access control,
which might allow remote attackers to access administrator pages.
Markus Petrux discovered a bug in the session fixation which may
allow remote attackers to gain Drupal user rights.
The old stable distribution (woody) does not contain Drupal packages.
For the stable distribution (sarge) these problems have been fixed in
version 4.5.3-6.
For the unstable distribution (sid) these problems have been fixed in
version 4.5.8-1.
We recommend that you upgrade your drupal package.
Solution : http://www.debian.org/security/2006/dsa-1007
Threat Level: High
Click HERE for more information and discussions on this network vulnerability scan.
|