[Full-disclosure] [DRUPAL-SA-2005-001] New Drupal release fixes critical security issue

From: Uwe Hermann (uwe@hermann-uwe.de)
Date: Fri Jun 03 2005 - 05:47:42 CDT

Drupal security advisory DRUPAL-SA-2005-001
Advisory ID: DRUPAL-SA-2005-001
Date: 2005-jun-01
Security risk: highly critical
Impact: system access
Where: from remote
Vulnerability: privilege escalation

The Drupal Security Team has found that Drupal's privilege system can be
circumvented in one specific case because an input check is not
implemented properly.

Versions affected
Drupal 4.4.0, 4.4.1, 4.4.2
Drupal 4.5.0, 4.5.1, 4.5.2
Drupal 4.6.0

If public registration is allowed, an attacker can register an account and
obtain additional user roles. As a result, the attacker can grant
themselves administration privileges.

Either upgrade or disable public registration:
- If you are running Drupal 4.4.x (4.4.0 to 4.4.2), then upgrade to Drupal 4.4.3.
- If you are running Drupal 4.5.x (4.5.0 to 4.5.2), then upgrade to Drupal 4.5.3.
- If you are running Drupal 4.6.0, then upgrade to Drupal 4.6.1.
- If you cannot upgrade immediately, you can secure your site by
  disabling the public registration of Drupal accounts from Drupal's user
  administration screen. Log in as an administrator, go to "administer >>
  users >> configure" and set the "Public registrations" option to "Only
  site administrators can create new user accounts". Note that "Visitors
  can create accounts but administrator approval is required" still lets
  an attacker register, so only the administrators-only setting counts as
  the workaround.
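The following triage helper is an added example, not code from the Drupal Security Team or from this advisory. It encodes the affected/fixed release list above and checks the workaround setting. It assumes (this is not stated in the advisory) that Drupal 4.x stores the "Public registrations" option in the `variable` table under the name `user_register` as a PHP-serialized integer, where 0 means only site administrators can create accounts, 1 means visitors can register freely and 2 means visitors can register but need administrator approval; the sample inputs at the bottom are constructed.

```python
"""Triage helper for DRUPAL-SA-2005-001 (added example, not Drupal project code).

Assumption (not from the advisory text): Drupal 4.x keeps the "Public
registrations" option in the `variable` table as `user_register`, stored as a
PHP serialize()'d integer:
    0 = only site administrators can create new user accounts
    1 = visitors can create accounts, no approval required
    2 = visitors can create accounts, administrator approval required
Only mode 0 is the workaround the advisory describes; mode 2 still lets an
attacker register an account.
"""
import re

# From the advisory: affected release branches and the release fixing each.
FIXED_RELEASE = {
    (4, 4): (4, 4, 3),   # 4.4.0 - 4.4.2 affected
    (4, 5): (4, 5, 3),   # 4.5.0 - 4.5.2 affected
    (4, 6): (4, 6, 1),   # 4.6.0 affected
}


def parse_version(text):
    """Turn '4.5.2' (or '4.5.2-dev') into a (major, minor, patch) tuple."""
    m = re.match(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?", text)
    if not m:
        raise ValueError("unrecognised Drupal version: %r" % text)
    return (int(m.group(1)), int(m.group(2)), int(m.group(3) or 0))


def parse_php_int(serialized):
    """Parse a PHP serialize()'d integer such as 'i:1;' (assumed storage format)."""
    m = re.match(r"^i:(-?\d+);$", serialized.strip())
    if not m:
        raise ValueError("not a serialized PHP integer: %r" % serialized)
    return int(m.group(1))


def assess(version, user_register_serialized=None):
    """Return (status, advice) for one site.

    status is 'fixed', 'affected', 'affected-mitigated' or 'unlisted'
    ('unlisted' means the branch is not covered by the advisory, which is
    not the same as 'safe').
    """
    v = parse_version(version)
    branch = v[:2]
    if branch not in FIXED_RELEASE:
        return ("unlisted",
                "release branch %d.%d is not covered by DRUPAL-SA-2005-001" % branch)
    fixed = FIXED_RELEASE[branch]
    if v >= fixed:
        return ("fixed", "%s already includes the fix" % version)

    upgrade = "upgrade to Drupal %d.%d.%d" % fixed
    if user_register_serialized is not None:
        # Only "administrators only" (0) removes the attacker's entry point.
        if parse_php_int(user_register_serialized) == 0:
            return ("affected-mitigated",
                    "public registration is disabled; still " + upgrade)
    return ("affected",
            "public registration allows privilege escalation; " + upgrade +
            " or set 'Public registrations' to 'Only site administrators "
            "can create new user accounts'")


if __name__ == "__main__":
    # Constructed sample inventory: (site name, version, value of
    # SELECT value FROM variable WHERE name = 'user_register';)
    sites = [
        ("intranet", "4.5.2", "i:1;"),
        ("blog", "4.6.0", "i:0;"),
        ("forum", "4.6.0", "i:2;"),
        ("new-site", "4.6.1", "i:1;"),
        ("legacy", "4.3.2", None),
    ]
    for name, version, reg in sites:
        status, advice = assess(version, reg)
        print("%-9s %-6s %-19s %s" % (name, version, status, advice))
```

Run it on the server as a one-off: substitute the version from the install and the `user_register` row from the site's database; a status of "affected" means the workaround is not in place and the site should be treated as exposed until upgraded.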

The security contact for Drupal can be reached at security@drupal.org
or using the form at http://drupal.org/contact.

// Uwe Hermann, on behalf of the Drupal Security Team.
Uwe Hermann <uwe@hermann-uwe.de>
http://www.hermann-uwe.de | http://www.crazy-hacks.org
http://www.it-services-uh.de | http://www.phpmeat.org
http://www.unmaintained-free-software.org | http://www.holsham-traders.de


Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/