Technical Description

Multiple vulnerabilities have been identified in Drupal, which may be exploited by attackers to execute arbitrary scripting code or bypass security restrictions.

The first issue is due to input validation errors in the XML parser and in the "aggregator", "profile", and "forum" modules, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.

The second issue is due to errors in various scripts that do not validate certain parameters supplied via HTTP GET or POST requests, which could be exploited by malicious people to conduct cross site request forgery attacks.

The third vulnerability is due to an error in the "filter_xss_bad_protocol()" function when handling form action attributes, which could be exploited by attackers to redirect a user's form submission to a malicious web site via a specially crafted link.

Affected Products

Drupal versions prior to 4.6.10
Drupal versions prior to 4.7.4

Solution

Upgrade to Drupal version 4.6.10 or 4.7.4 :
http://drupal.org/project

References

http://www.vupen.com/english/advisories/2006/4120
http://drupal.org/node/88826
http://drupal.org/node/88828
http://drupal.org/node/88829

Credits

Vulnerabilities reported by the vendor, Erdem Köse, Jim Phlew, Garvin Hicking, and Frederic Marand.

ChangeLog

2006-10-20 : Initial release

Vulnerability Management

Subscribe to VUPEN VNS and receive real-time e-mail and SMS alerts when new advisories or patches relevant to your systems and network configurations are available.

Feedback

If you have additional information or corrections for this security advisory please submit them via our contact form.