John Chen

John's web design and music blog

Friday Sep 19, 2008

Drupal third-party module vulnerability - Mailsave, Link To Us

===========================================================================
AUSCERT External Security Bulletin Redistribution

ESB-2008.0887 -- [Win][UNIX/Linux][OSX]
Mailsave, Link To Us (Drupal third-party module) - Cross Site Scripting
18 September 2008

===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:           Mailsave, Link To Us
Publisher:         Drupal
Operating System:  UNIX variants (UNIX, Linux, OSX), Windows
Impact:            Cross-site Scripting
Access:            Remote/Unauthenticated

Original Bulletin: http://drupal.org/node/309802
                   http://drupal.org/node/309861

--------------------------BEGIN INCLUDED TEXT--------------------

------------SA-2008-051 - MAILSAVE - CROSS SITE SCRIPTING------------

* Advisory ID: DRUPAL-SA-2008-051

* Project: Mailsave (third-party module)

* Versions: 5.x and 6.x

* Date: 2008-September-17

* Security risk: Critical

* Exploitable from: Remote

* Vulnerability: Cross site scripting

------------DESCRIPTION------------

Mailsave is a module that is designed to interact with mailhandler. It will
detach files that are emailed to the site and save them with the node.

The module trusts the MIME type that is sent with the file, enabling
malicious users who are able to upload files to execute cross site
scripting attacks.

------------VERSIONS AFFECTED------------

* Versions of Mailsave for Drupal 5.x prior to 5.x-3.3

* Versions of Mailsave for Drupal 6.x prior to 6.x-1.3

Drupal core is not affected. If you do not use the Mailsave module, there is
nothing you need to do.

------------SOLUTION------------

Install the latest version.

* If you use Mailsave for Drupal 5.x upgrade to Mailsave 5.x-3.3
  [ http://drupal.org/node/297842 ]

* If you use Mailsave for Drupal 6.x upgrade to Mailsave 6.x-1.3
  [ http://drupal.org/node/297841 ]

Also see the Mailsave project page [ http://drupal.org/project/mailsave ].

------------REPORTED BY------------

* Mark Burdett (mfb [ http://drupal.org/user/12302 ])

------------CONTACT------------

The security contact for Drupal can be reached at security at drupal.org or
via the form at [ http://drupal.org/contact ] and by selecting the security
issues category.

------------SA-2008-052 - LINK TO US - CROSS SITE SCRIPTING------------

* Advisory ID: DRUPAL-SA-2008-052

* Project: Link To Us (third-party module)

* Versions: 5.x

* Date: 2008-September-17

* Security risk: Critical

* Exploitable from: Remote

* Vulnerability: Cross site scripting

------------DESCRIPTION------------

The Link To Us module creates a page to display uploaded banners that can
be used by others to link to your Drupal site. The module will create well
formed SEO links with full title, alt and anchor text determined by the
node title, taxonomy term or other pages that are directed to the module.

Unfortunately, the module does not properly escape text, which allows
malicious users who are able to post content to insert arbitrary HTML and
scripts into a page. Wikipedia has more information about such cross site
scripting (XSS) attacks [ http://en.wikipedia.org/wiki/Xss ].
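Both advisories above describe the same class of defect in two shapes: Mailsave trusts the MIME type declared by the sender of an attachment, and Link To Us writes a node title into HTML without escaping. The following is an added example written for this page, not code from either module or from the Drupal security team; it shows each pattern in its vulnerable and hardened form in plain PHP (the fileinfo extension and a constructed allow-list of image types are assumptions, and `check_plain()` is mentioned only as Drupal's equivalent of the `htmlspecialchars()` call used here).

```php
<?php
// Added example: vulnerable vs hardened handling for the two advisory patterns.

// --- Mailsave pattern: which MIME type is trusted for a mail attachment ---

// Vulnerable: the Content-Type header in the incoming mail is controlled by the
// sender, so an HTML document declared as image/gif is stored as an "image" and
// later served back to site visitors with a type the browser renders as HTML.
function save_attachment_vulnerable($declared_type, $data) {
  return array('filemime' => $declared_type, 'data' => $data);
}

// Hardened: derive the type from the bytes actually received (assumes the PHP
// fileinfo extension) and accept only an allow-list of types browsers never
// execute as script. A mismatch is also a useful signal to log (watchdog() in
// Drupal); here the file is simply refused.
function save_attachment_hardened($declared_type, $data) {
  $allowed = array('image/gif', 'image/jpeg', 'image/png', 'application/pdf');
  $finfo   = new finfo(FILEINFO_MIME_TYPE);
  $sniffed = $finfo->buffer($data);
  if (!in_array($sniffed, $allowed, TRUE)) {
    throw new RuntimeException(
      "rejected attachment: declared $declared_type, detected $sniffed");
  }
  return array('filemime' => $sniffed, 'data' => $data);
}

// --- Link To Us pattern: node title used as title/alt/anchor text ---

// Vulnerable: the user-supplied title is interpolated into markup as-is.
function banner_link_vulnerable($site_url, $title) {
  return "<a href=\"$site_url\" title=\"$title\">$title</a>";
}

// Hardened: escape at the point of output. Drupal's check_plain() performs the
// same htmlspecialchars() call with ENT_QUOTES and UTF-8.
function banner_link_hardened($site_url, $title) {
  $safe_url   = htmlspecialchars($site_url, ENT_QUOTES, 'UTF-8');
  $safe_title = htmlspecialchars($title, ENT_QUOTES, 'UTF-8');
  return "<a href=\"$safe_url\" title=\"$safe_title\">$safe_title</a>";
}

// Constructed sample inputs for a local run.
$hostile_title = 'Great site <script>alert(1)</script>';
echo banner_link_vulnerable('http://example.com/', $hostile_title), "\n";
echo banner_link_hardened('http://example.com/', $hostile_title), "\n";
try {
  save_attachment_hardened('image/gif', '<html><script>alert(1)</script></html>');
} catch (RuntimeException $e) {
  echo $e->getMessage(), "\n";   // declared image/gif, detected text/html
}
```

The hardened attachment handler rejects the constructed sample because the sniffed type is not on the allow-list, regardless of what the mail declared; the hardened link renders the title as literal text rather than markup.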

------------VERSIONS AFFECTED------------

* Versions of Link To Us for Drupal 5.x prior to 5.x-1.1

Note: the 6.x development version is also vulnerable to this issue. A fix
for the issue will appear within 12 hours in the next 6.x development
snapshot. Development snapshots are not supported.

Drupal core is not affected. If you do not use the Link To Us module, there
is nothing you need to do.

------------SOLUTION------------

Install the latest version.

* If you use Link To Us for Drupal 5.x upgrade to Link To Us 5.x-1.1
  [ http://drupal.org/node/309863 ]

Also see the Link To Us project page [ http://drupal.org/project/link_to_us ].

------------REPORTED BY------------

* Justin Klein Keane

------------CONTACT------------

The security contact for Drupal can be reached at security at drupal.org or
via the form at [ http://drupal.org/contact ] and by selecting the security
issues category.
