| Scoutnet vzw http://forum.scoutnet.be/ |
|
| [Drupal] Security announcements: Fileshare - Code execution http://forum.scoutnet.be/viewtopic.php?f=19&t=2050 |
Pagina 1 van 1 |
| Auteur: | To [ 12 Jan 2008 12:47 ] |
| Titel: | [Drupal] Security announcements: Fileshare - Code execution |
------------SA-2008-004 - FILESHARE - ARBITRARY CODE EXECUTION------------ * Advisory ID: DRUPAL-SA-2008-004 * Project: Fileshare (third-party module) * Version: 4.7.x, 5.x * Date: 2008-January-10 * Security risk: Highly critical * Exploitable from: Remote * Vulnerability: Arbitrary code execution ------------DESCRIPTION------------ The fileshare module is used to create nodes that allow browsing, uploading, downloading and deleting of files from a fileshare directory that is created by Drupal and linked to the node. Users who are able to create fileshare nodes are able to execute arbitrary code on the server. ------------VERSIONS AFFECTED------------ All versions of Fileshare. Drupal core is not affected. If you do not use the contributed Fileshare module, there is nothing you need to do. ------------SOLUTION------------ Disable the Fileshare module and remove the module from your filesystem. There is no fixed version of Fileshare available. The project has been removed from Drupal.org. ------------REPORTED BY------------ Magne Eimot. ------------CONTACT------------ The security contact for Drupal can be reached at security at drupal.org or via the form at [ http://drupal.org/contact ]. |
|
| Pagina 1 van 1 | Alle tijden zijn UTC + 1 uur |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|