Scoutnet vzw
http://forum.scoutnet.be/

[Drupal] Security announcements: Outline designer - Privileg
http://forum.scoutnet.be/viewtopic.php?f=19&t=2150
Pagina 1 van 1

Auteur:  To [ 03 Jul 2008 17:35 ]
Titel:  [Drupal] Security announcements: Outline designer - Privileg

------------SA-2008-043 - OUTLINE DESIGNER - PRIVILEGE ESCALATION ------------

* Advisory ID: DRUPAL-SA-2008-043
* Project: Outline designer (third-party module)
* Version: 5.x
* Date: 2008-July-2
* Security risk: Highly critical
* Exploitable from: Remote
* Vulnerability: Privilege escalation

------------DESCRIPTION------------

The Outline designer module provides a visual way of structuring content in books.

A programming error in the module causes the current user to become authenticated as the author of the viewed content item.

------------VERSIONS AFFECTED------------

* Outline designer for Drupal 5.x prior to 5.x-1.4.

Drupal core is not affected. If you do not use the contributed Outline designer module, there is nothing you need to do.

------------SOLUTION------------

Install the latest version:

* Outline designer 5.x-1.4 [ http://drupal.org/node/277851 ].

See also the Outline designer project page [ http://drupal.org/project/outline_designer ].

------------CONTACT------------

The security contact for Drupal can be reached at security at drupal.org or via the form at [ http://drupal.org/contact ] and by selecting the security issues category.

Pagina 1 van 1 Alle tijden zijn UTC + 1 uur
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/