------------PRINT - ACCESS BYPASS------------
* Advisory ID: DRUPAL-SA-2007-014
* Project: Print (third-party module)
* Version: 5.x and 4.7.x
* Date: 2007-July-09
* Security risk: Less critical
* Exploitable from: Remote
* Vulnerability: Access bypass
------------DESCRIPTION------------
Print is a module that allows site administrators to produce a "print friendly" version of a posting. By manipulating URL arguments, authenticated and anonymous users are able to access posts that should have been restricted by a node access module such as Organic Groups, Taxonomy Access Control, Taxonomy Access Lite, etc.
------------VERSIONS AFFECTED------------
* Print for Drupal 5.x before 5.x-1.2
* Print for Drupal 4.7.x before 4.7-1.0
Drupal core is not affected. If you do not use the contributed Print module, there is nothing you need to do.
------------SOLUTION------------
Install the latest version:
* Print 5.x-1.2 [
http://drupal.org/node/158032]
* Print 4.7.x-1.0 [
http://drupal.org/node/158029]
See also the Print project page [
http://drupal.org/project/print].
------------REPORTED BY------------
Tim Harman
------------CONTACT------------
The security contact for Drupal can be reached at security at drupal.org or via the form at [
http://drupal.org/contact].