Project and Project Issue Tracking for Drupal Multiple Security Bypass Vulnerabilities
Title : Project and Project Issue Tracking for Drupal Multiple Security Bypass Vulnerabilities
VUPEN ID : VUPEN/ADV-2007-0312
CVE ID : CVE-2007-0505 - CVE-2007-0506 - CVE-2007-0534
Rated as : High Risk
Remotely Exploitable : Yes
Locally Exploitable : Yes
Release Date : 2007-01-24
Multiple vulnerabilities have been identified in Project and Project Issue Tracking (modules for Drupal), which could be exploited by attackers to bypass security restrictions, execute arbitrary scripting code or compromise a web server.
The first issue is due to an error in the "project_issue_access()" function that does not properly validate user permissions, which could be exploited by malicious users with "Access project issues" permissions to gain unauthorized access to all issues and attached files.
The second vulnerability is due to input validation errors in various scripts when displaying user-supplied parameters, which could be exploited by attackers to cause arbitrary scripting code to be executed by the user's browser in the security context of an affected Web site.
The third issue is due to an input validation error when handling attached files with multiple file extensions, which could be exploited by remote attackers to upload malicious PHP scripts and execute arbitrary commands on a vulnerable web server.
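The third issue stems from trusting only the last extension of an uploaded name, while a web server configured through mod_mime-style mappings may pick up a handler from any segment of the extension chain. Below is an added example of the defensive check a module maintainer would add (it is not code from the Project or Project Issue modules); it follows the same underscore-munging idea as Drupal core's file_munge_filename(), and the whitelist and sample file names are constructed for illustration.

```php
<?php
// Defensive handling of uploaded file names with several extensions.
// Checking only the final extension is insufficient, because a name such as
// "report.php.txt" can still be mapped to the PHP handler by the web server.

/**
 * Return TRUE only if every extension segment of $filename is whitelisted.
 * $allowed holds lowercase extensions (hypothetical site policy).
 */
function every_extension_allowed(string $filename, array $allowed): bool {
    $parts = explode('.', basename($filename)); // basename() drops directories
    array_shift($parts);                        // first segment is the name proper
    foreach ($parts as $ext) {
        if (!in_array(strtolower($ext), $allowed, true)) {
            return false;
        }
    }
    return true;
}

/**
 * Neutralise instead of rejecting: append an underscore to every extension
 * segment that is not whitelisted, so "shell.php.txt" becomes "shell.php_.txt"
 * and no longer matches a server-side handler for ".php".
 */
function munge_filename(string $filename, array $allowed): string {
    $parts = explode('.', basename($filename));
    $name = array_shift($parts);
    foreach ($parts as $ext) {
        $name .= in_array(strtolower($ext), $allowed, true) ? ".$ext" : ".{$ext}_";
    }
    return $name;
}

// Constructed sample inputs: a typical issue-tracker whitelist and four names.
$allowed = ['txt', 'png', 'patch', 'diff'];
foreach (['fix.patch', 'shell.php.txt', 'a.PhP.png', 'notes.txt'] as $f) {
    printf("%-14s allowed=%-3s munged=%s\n", $f,
        every_extension_allowed($f, $allowed) ? 'yes' : 'no',
        munge_filename($f, $allowed));
}
```

Case-insensitive comparison matters here: "a.PhP.png" must be treated the same as "a.php.png", since handler mappings are commonly case-insensitive.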
Affected Products
Project issue tracking versions 5.x
Project issue tracking versions 4.x
Project versions 5.x
Project versions 4.x
Solution
Upgrade to the latest versions :
http://drupal.org/project/project
http://drupal.org/project/project_issue
References
http://www.vupen.com/english/advisories/2007/0312
http://drupal.org/node/112146
Credits
Vulnerabilities reported by Brandon Bergren, Derek Wright, and Heine Deelstra.
ChangeLog
2007-01-24 : Initial release