Date: Mon, 19 Mar 2012 12:22:06 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Henri Salo <henri@...v.fi>
Subject: Re: CVE-request: Drupal Finder SA-CONTRIB-2012-017

On 03/16/2012 01:38 AM, Henri Salo wrote:
> Can we assign CVE-identifier for this vulnerability http://drupal.org/node/1432970 (SA-CONTRIB-2012-017)?

Please use CVE-2012-1561 for this issue.

> Description
> Finder is a Drupal module that allows users to create faceted search forms. The module's autocomplete, checkbox, and radio button functionalities previously did not sanitize the output of fields and raw database values.
> 
> In addition, users with the "administer finder" permission were able to execute arbitrary code through a PHP import interface; specific PHP execution permissions were not required. Updated: This issue affected only the 7.x branch of code. The 6.x branch used the permission "administer finder PHP settings" which is sufficiently clear that it allows execution of PHP code.
> 
> Versions affected
> Finder 6.x-1.x prior to 6.x-1.26
> Finder 7.x-1.x versions (all)
> Finder 7.x-2.x versions prior to 7.x-2.0-alpha8
> Drupal core is not affected. If you do not use the contributed Finder module, there is nothing you need to do.
> 
> Project: Finder (third-party module)
> Date: 2012-February-08
> Security risk: Moderately critical
> Exploitable from: Remote
> Vulnerability: Cross Site Scripting, Arbitrary PHP code execution, Multiple vulnerabilities
> 
> http://osvdb.org/show/osvdb/79014
> http://osvdb.org/show/osvdb/79015
> http://secunia.com/advisories/47943/
> http://secunia.com/advisories/47915/
> http://secunia.com/advisories/47941/
> 
> - Henri Salo


-- 
Kurt Seifried Red Hat Security Response Team (SRT)
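As an added illustration of the two fixes the quoted advisory describes (escaping raw database values before they reach autocomplete, checkbox or radio output, and gating PHP execution behind a dedicated permission), here is Drupal 7 style code. It is not the Finder module's own code: the example_ names and the row arrays are hypothetical, while check_plain(), user_access(), drupal_json_output() and the hook_permission() keys are real Drupal 7 API.

```php
<?php
// Added illustration, not Finder module code. Names prefixed "example_" and
// the $rows input are hypothetical; the Drupal 7 functions used are real.

/**
 * Implements hook_permission().
 *
 * PHP execution gets its own clearly named, restricted permission (as the
 * 6.x branch did with "administer finder PHP settings") instead of riding
 * on a general "administer" permission.
 */
function example_permission() {
  return array(
    'administer example' => array(
      'title' => t('Administer example settings'),
    ),
    'administer example PHP settings' => array(
      'title' => t('Administer example PHP settings'),
      'description' => t('Warning: grants execution of arbitrary PHP code.'),
      'restrict access' => TRUE,
    ),
  );
}

/**
 * Build #options for a checkboxes or radios element from raw database rows.
 * Vulnerable pattern: the raw value becomes the option label, so stored
 * markup is rendered verbatim. Hardened: keys stay raw for lookup, labels
 * pass through check_plain().
 */
function example_options_from_rows(array $rows, $sanitize = TRUE) {
  $options = array();
  foreach ($rows as $row) {
    $options[$row['value']] = $sanitize ? check_plain($row['value']) : $row['value'];
  }
  return $options;
}

/**
 * Autocomplete callback: the client inserts the JSON values into the DOM,
 * so they are escaped here rather than trusted because they came from the DB.
 */
function example_autocomplete_output(array $rows) {
  $matches = array();
  foreach ($rows as $row) {
    $safe = check_plain($row['value']);
    $matches[$safe] = $safe;
  }
  drupal_json_output($matches);
}

/** Access callback for the PHP import page: only the dedicated permission. */
function example_import_php_access() {
  return user_access('administer example PHP settings');
}
```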
