Date: Mon, 19 Mar 2012 12:22:06 -0600 From: Kurt Seifried <kseifried@...hat.com> To: oss-security@...ts.openwall.com CC: Henri Salo <henri@...v.fi> Subject: Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017 On 03/16/2012 01:38 AM, Henri Salo wrote: > Can we assign CVE-identifier for this vulnerability http://drupal.org/node/1432970 (SA-CONTRIB-2012-017)? Please use CVE-2012-1561 for this issue. > Description > Finder is a Drupal module that allows users to create faceted search forms. The module's autocomplete, checkbox, and radio button functionalities previously did not sanitize the output of fields and raw database values. > > In addition, users with the "administer finder" permission were able to execute arbitrary code through a PHP import interface; specific PHP execution permissions were not required.Updated: This issue affected only the 7.x branch of code. The 6.x branch used the permission "administer finder PHP settings" which is sufficiently clear that it allows execution of PHP code. > > Versions affected > Finder 6.x-1.x prior to 6.x-1.26 > Finder 7.x-1.x versions (all) > Finder 7.x-2.x versions prior to 7.x-2.0-alpha8 > Drupal core is not affected. If you do not use the contributed Finder module, there is nothing you need to do. > > Project: Finder (third-party module) > Date: 2012-February-08 > Security risk: Moderately critical > Exploitable from: Remote > Vulnerability: Cross Site Scripting, Arbitrary PHP code execution, Multiple vulnerabilities > > http://osvdb.org/show/osvdb/79014 > http://osvdb.org/show/osvdb/79015 > http://secunia.com/advisories/47943/ > http://secunia.com/advisories/47915/ > http://secunia.com/advisories/47941/ > > - Henri Salo -- Kurt Seifried Red Hat Security Response Team (SRT)
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ