author: miwi <miwi@FreeBSD.org> 2007-10-25 16:47:21 +0800
committer: miwi <miwi@FreeBSD.org> 2007-10-25 16:47:21 +0800
commit: 039dec3c0b860472ee228922c19b040d5fecab5f (patch)
tree: a90e8ee2146aca097b914d86712f170cd631c324
parent: 8262cab7edc9e9a2a4011acdf14841284de6d507 (diff)
- Document drupal --- multiple vulnerabilities
Reviewed by: simon
-rw-r--r-- security/vuxml/vuln.xml 84
1 files changed, 84 insertions, 0 deletions
diff --git a/security/vuxml/vuln.xml b/security/vuxml/vuln.xml
index f8d5dad4395..bb56c1d0f39 100644
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@@ -34,6 +34,90 @@ Note: Please add new entries to the beginning of this file.
-->
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+ <vuln vid="9c00d446-8208-11dc-9283-0016179b2dd5">
+ <topic>drupal --- multiple vulnerabilities</topic>
+ <affects>
+ <package>
+ <name>drupal4</name>
+ <range><lt>4.7.8</lt></range>
+ </package>
+ <package>
+ <name>drupal5</name>
+ <range><lt>5.3</lt></range>
+ </package>
+ </affects>
+ <description>
+ <body xmlns="http://www.w3.org/1999/xhtml">
+ <p>The Drupal Project reports:</p>
+ <blockquote cite="http://drupal.org/node/184315">
+ <p>In some circumstances Drupal allows user-supplied data to
+ become part of response headers. As this user-supplied data
+ is not always properly escaped, this can be exploited by
+ malicious users to execute HTTP response splitting attacks
+ which may lead to a variety of issues, among them cache
+ poisoning, cross-user defacement and injection of arbitrary
+ code.</p>
+ </blockquote>
+ <blockquote cite="http://drupal.org/node/184316">
+ <p>The Drupal installer allows any visitor to provide credentials
+ for a database when the site's own database is not reachable. This
+ allows attackers to run arbitrary code on the site's server.
+ An immediate workaround is the removal of the file install.php
+ in the Drupal root directory.</p>
+ </blockquote>
+ <blockquote cite="http://drupal.org/node/184320">
+ <p>The allowed extension list of the core Upload module contains
+ the extension HTML by default. Such files can be used to execute
+ arbitrary script code in the context of the affected site when a
+ user views the file. Revoking upload permissions or removing the
+ .html extension from the allowed extension list will stop uploads
+ of malicious files. but will do nothing to protect your site
+ againstfiles that are already present. Carefully inspect the file
+ system path for any HTML files. We recommend you remove any HTML
+ file you did not update yourself. You should look for , CSS
+ includes, Javascript includes, and onerror="" attributes if
+ you need to review files individually.</p>
+ </blockquote>
+ <blockquote cite="http://drupal.org/node/184348">
+ <p>The Drupal Forms API protects against cross site request
+ forgeries (CSRF), where a malicous site can cause a user
+ to unintentionally submit a form to a site where he is
+ authenticated. The user deletion form does not follow the
+ standard Forms API submission model and is therefore not
+ protected against this type of attack. A CSRF attack may
+ result in the deletion of users.</p>
+ </blockquote>
+ <blockquote cite="http://drupal.org/node/184354">
+ <p>The publication status of comments is not passed during the
+ hook_comments API operation, causing various modules that rely
+ on the publication status (such as Organic groups, or Subscriptions)
+ to mail out unpublished comments.</p>
+ </blockquote>
+ </body>
+ </description>
+ <references>
+ <cvename>CVE-2007-5597</cvename>
+ <cvename>CVE-2007-5596</cvename>
+ <cvename>CVE-2007-5595</cvename>
+ <cvename>CVE-2007-5594</cvename>
+ <cvename>CVE-2007-5593</cvename>
+ <url>http://drupal.org/node/184315</url>
+ <url>http://drupal.org/node/184316</url>
+ <url>http://drupal.org/node/184348</url>
+ <url>http://drupal.org/node/184354</url>
+ <url>http://drupal.org/node/184320</url>
+ <url>http://secunia.com/advisories/27292</url>
+ <url>http://secunia.com/advisories/27292</url>
+ <url>http://secunia.com/advisories/27292</url>
+ <url>http://secunia.com/advisories/27290</url>
+ <url>http://secunia.com/advisories/27290</url>
+ </references>
+ <dates>
+ <discovery>2007-10-17</discovery>
+ <entry>2007-10-24</entry>
+ </dates>
+ </vuln>
+
<vuln vid="3a81017a-8154-11dc-9283-0016179b2dd5">
<topic>ldapscripts -- Command Line User Credentials Disclosure</topic>
<affects>
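Review bot: the <references> block repeats entries: http://secunia.com/advisories/27292 appears three times and http://secunia.com/advisories/27290 twice. One <url> per advisory is enough, so the repeats should be dropped. In the blockquote citing node/184320 the quoted text reads "malicious files. but will", "againstfiles" and "look for , CSS includes"; the item before that comma is missing in the text as shown, which suggests a tag name that was not escaped with &lt; and &gt;, so that paragraph should be checked against the upstream advisory. The CSRF quote also has "malicous", and the topic uses "---" where the neighbouring ldapscripts entry uses "--".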