Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:8786
HistoryJun 03, 2005 - 12:00 a.m.

[Full-disclosure] [DRUPAL-SA-2005-001] New Drupal release fixes critical security issue

2005-06-0300:00:00
vulners.com
60

Drupal security advisory DRUPAL-SA-2005-001

Advisory ID: DRUPAL-SA-2005-001
Date: 2005-jun-01
Security risk: highly critical
Impact: system access
Where: from remote
Vulnerability: privilege escalation

Description

The Drupal Security Team has found that the privilege system of Drupal can
be circumvented in a very special case because an input check is not
implemented properly.

Versions affected

Drupal 4.4.0, 4.4.1, 4.4.2
Drupal 4.5.0, 4.5.1, 4.5.2
Drupal 4.6.0

Impact

If public registration is allowed then it is possible for an attacker
to obtain additional user roles. As a result, an attacker could grant
himself administration privileges.

Solution

Either upgrade or disable public registration:

  • If you are running Drupal 4.4.x, then upgrade to Drupal 4.4.3.
  • If you are running Drupal 4.5.2, then upgrade to Drupal 4.5.3.
  • If you are running Drupal 4.6.0, then upgrade to Drupal 4.6.1.
  • If you cannot upgrade immediately, you can secure your site by
    disabling the public registration of Drupal accounts from Drupal's user
    administration screen. Log-in as an administrator, go to "administer >>
    users >> configure" and set the "Public registrations" option to "Only
    site administrators can create new user accounts".

Contact

The security contact for Drupal can be reached at [email protected]
or using the form at http://drupal.org/contact.

// Uwe Herman, on behalf of the Drupal Security Team.

Uwe Hermann <[email protected]>
http://www.hermann-uwe.de | http://www.crazy-hacks.org
http://www.it-services-uh.de | http://www.phpmeat.org
http://www.unmaintained-free-software.org | http://www.holsham-traders.de