Race condition in the rmtree function in File::Path 1.08 (lib/File/Path.pm) in Perl 5.8.8 allows local users to allows local users to delete arbitrary files via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5302 due to affected versions. (CVSS:6.9) (Last Update:2011-07-18)
CVE-2008-5302
Race condition in the rmtree function in File::Path 1.08 and 2.07 (lib/File/Path.pm) in Perl 5.8.8 and 5.10.0 allows local users to create arbitrary setuid binaries via a symlink attack, a different vulnerability than CVE-2005-0448, CVE-2004-0452, and CVE-2008-2827. NOTE: this is a regression error related to CVE-2005-0448. It is different from CVE-2008-5303 due to affected versions. (CVSS:6.9) (Last Update:2011-07-18)
CVE-2008-5183
cupsd in CUPS 1.3.9 and earlier allows local users, and possibly remote attackers, to cause a denial of service (daemon crash) by adding a large number of RSS Subscriptions, which triggers a NULL pointer dereference. NOTE: this issue can be triggered remotely by leveraging CVE-2008-5184. (CVSS:4.3) (Last Update:2011-03-17)
CVE-2008-5027
The Nagios process in (1) Nagios before 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote authenticated users to bypass authorization checks, and trigger execution of arbitrary programs by this process, via an (a) custom form or a (b) browser addon. (CVSS:6.5) (Last Update:2009-07-22)
CVE-2008-5028
Cross-site request forgery (CSRF) vulnerability in cmd.cgi in (1) Nagios 3.0.5 and (2) op5 Monitor before 4.0.1 allows remote attackers to send commands to the Nagios process, and trigger execution of arbitrary programs by this process, via unspecified HTTP requests. (CVSS:6.8) (Last Update:2009-08-13)
SA-2008-067 – Drupal core – Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-067
- Project: Drupal core
- Versions: 5.x and 6.x
- Date: 2008-October-22
- Security risk: Less Critical
- Exploitable from: Local/Remote
- Vulnerability: Multiple vulnerabilities
Description
Multiple vulnerabilities and weaknesses were discovered in Drupal.
File inclusion
On a server configured for IP-based virtual hosts, Drupal may be caused to include and execute specifically named files outside of its root directory.
This bug affects both Drupal 5 and Drupal 6.
Cross site scripting
The title of book pages is not always properly escaped, enabling users with the “create book content” permission or the permission to edit any node in the book hierarchy to insert arbitrary HTML and script code into pages. Such a Cross site scripting attack may lead to the attacker gaining administrator access.
This bug affects Drupal 6.
Versions Affected
- Drupal 5.x before version 5.12
- Drupal 6.x before version 6.6
Solution
Install the latest version:
- If you are running Drupal 5.x then upgrade to Drupal 5.12.
- If you are running Drupal 6.x then upgrade to Drupal 6.6.
Note: the settings.php, robots.txt and .htaccess files have not changed and can be left as they are if upgrading from the current version of Drupal.
If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade. The patches fix security vulnerabilities, but do not contain other fixes which were released in these versions.
- To patch Drupal 5.11 use SA-2008-067-5.11.patch.
- To patch Drupal 6.5 use SA-2008-067-6.5.patch.
Reported by
- The file inclusion vulnerability was reported by Anthony Ferrara
- The cross site scripting issue was reported by Maarten van Grootel
Contact
The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.
Critical Patch Update – October 2008
CVE-2008-4510 (windows_vista)
Microsoft Windows Vista Home and Ultimate Edition SP1 and earlier allows local users to cause a denial of service (page fault and system crash) via multiple attempts to access a virtual address in a PAGE_NOACCESS memory page.
SA-2008-060 – Drupal core – Multiple vulnerabilities
- Advisory ID: DRUPAL-SA-2008-060
- Project: Drupal core
- Versions: 5.x and 6.x
- Date: 2008-October-8
- Security risk: Critical
- Exploitable from: Remote
- Vulnerability: Multiple vulnerabilities
Description
Multiple vulnerabilities and weaknesses were discovered in Drupal.
File upload access bypass
A logic error in the core upload module validation allowed unprivileged users to attach files to content. This bug affects Drupal 6.x only.
Users can view files attached to content which they do not otherwise have access to. This bug affects Drupal 5.x only.
If the core upload module is not enabled, your site will not be affected.
Access rules bypass
A deficiency in the user module allowed users who had been blocked by access rules to continue logging into the site under certain conditions.
If you do not use the ‘access rules’ functionality in core, your site will not be affected.
This bug affects both Drupal 5.x and Drupal 6.x.
BlogAPI access bypass
The BlogAPI module does not implement correct validation for certain content fields, allowing for values to be set for fields which would otherwise be inaccessible on an internal Drupal form. We have hardened these checks in BlogAPI module for this release, but the security team would like to re-iterate that the ‘Administer content with BlogAPI’ permission should only be given to trusted users.
If the core BlogAPI module is not enabled, your site will not be affected.
This bug affects both Drupal 5.x and Drupal 6.x.
Node validation bypass
A weakness in the node module API allowed for node validation to be bypassed in certain circumstances for contributed modules implementing the API. Additional checks have been added to ensure that validation is performed in all cases. This vulnerability only affects sites using one of a very small number of contributed modules, all of which will continue to work correctly with the improved API. None of them were found vulnerable, so our correction is a preventative measure.
This bug affects Drupal 5.x only.
Versions affected
- Drupal 5.x before version 5.11
- Drupal 6.x before version 6.5
Solution
Install the latest version:
- If you are running Drupal 5.x then upgrade to Drupal 5.11.
- If you are running Drupal 6.x then upgrade to Drupal 6.5.
Note: the settings.php, robots.txt and .htaccess files have not changed and can be left as they are if upgrading from the current version of Drupal.
If you are unable to upgrade immediately, you can apply a patch to secure your installation until you are able to do a proper upgrade. The patches fix security vulnerabilities, but do not contain other fixes which were released in these versions.
- To patch Drupal 5.10 use SA-2008-060-5.10.patch.
- To patch Drupal 6.4 use SA-2008-047-6.4.patch.
Reported by
- The upload module flaw was reported by Damien Tournoud*
- The access rules bypass was reported by jry2000 and Stéphane Corlosquet*
- The BlogAPI vulnerability was reported by Caleb Delnay, Gábor Hojtsy* and Heine Deelstra*
- The node modules vulnerability was reported by Derek Wright*
Names marked with asterisk are members of the Drupal security team.
Contact
The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.
CVE-2008-4360
mod_userdir in lighttpd before 1.4.20, when a case-insensitive operating system or filesystem is used, performs case-sensitive comparisons on filename components in configuration options, which might allow remote attackers to bypass intended access restrictions, as demonstrated by a request for a .PHP file when there is a configuration rule for .php files. (CVSS:7.8) (Last Update:2009-02-26)