| Scoutnet vzw http://forum.scoutnet.be/ |
|
| [Drupal] Security announcements: Meta tags - Code execution http://forum.scoutnet.be/viewtopic.php?f=19&t=2054 |
Pagina 1 van 1 |
| Auteur: | To [ 15 Jan 2008 20:15 ] |
| Titel: | [Drupal] Security announcements: Meta tags - Code execution |
------------SA-2008-008 - META TAGS - ARBITRARY CODE EXECUTION------------ * Advisory ID: DRUPAL-SA-2008-008 * Project: Meta tags / Nodewords (third-party module) * Version: 5.x-1.6 * Date: 2007-January-14 * Security risk: Highly critical * Exploitable from: Remote * Vulnerability: Arbitrary code execution ------------DESCRIPTION------------ The Meta tags module, also known as Nodewords, adds HTML META tags to node, panel and view pages. If the site is configured to allow images in the body of any node type, any user that can create this node type is able to execute arbitrary code on the server. ------------VERSIONS AFFECTED------------ * Meta tags for Drupal 5.x, version Metatags 5.x-1.6 Drupal core is not affected. If you do not use the contributed Meta tags module, there is nothing you need to do. ------------SOLUTION------------ Install the latest version: * If you use Drupal 5.x upgrade to Meta tags 5.x-1.7 [ http://drupal.org/node/208827 ]. See also the Meta tags project page [ http://drupal.org/project/nodewords ]. ------------REPORTED BY------------ Robrecht Jacques [ http://drupal.org/user/22598 ], the Meta tags maintainer. ------------CONTACT------------ The security contact for Drupal can be reached at security at drupal.org or via the form at [ http://drupal.org/contact ]. |
|
| Pagina 1 van 1 | Alle tijden zijn UTC + 1 uur |
| Powered by phpBB® Forum Software © phpBB Group http://www.phpbb.com/ |
|