Zum Inhalt springen.
Sympa Menü

it-securitynotifies - [IT-SecurityNotifies] [Security-news] SA-CONTRIB-2010-041: ImageField - Access Bypass

it-securitynotifies AT lists.piratenpartei.de

Betreff: Sicherheitsankündigungen

Listenarchiv

[IT-SecurityNotifies] [Security-news] SA-CONTRIB-2010-041: ImageField - Access Bypass


Chronologisch Thread 
    < Chronologisch >      < Thread >
  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecurityNotifies] [Security-news] SA-CONTRIB-2010-041: ImageField - Access Bypass
  • Date: Thu, 6 May 2010 00:42:56 +0000 (UTC)
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>
* Advisory ID: DRUPAL-SA-CONTRIB-2010-41
* Project: ImageField (third-party module)
* Version: 6.x
* Date: 2010-May-5
* Security risk: Less Critical
* Exploitable from: Remote
* Vulnerability: Access Bypass

-------- DESCRIPTION
---------------------------------------------------------

ImageField provides a file upload field for CCK, allowing files to be
attached to a node. ImageField intends to set a default extension of "png jpg
gif" for all new fields, but may actually save an empty string allowing all
of the "png jpg gif" extensions if an administrator does not save the field
configuration page after creating a new field. Any ImageField that has been
initially saved or edited with any extensions specified is not affected. This
vulnerability is mitigated by the attacker needing permission to create or
edit content with an unconfigured ImageField. ImageField also creates
thumbnails after uploading a new image. A second vulnerability is that this
thumbnail is not properly checked for access if using the Private Downloads
setting, allowing users that may not have access to view the full size image
to still view the administrative thumbnail.
-------- VERSIONS AFFECTED
---------------------------------------------------

* ImageField for Drupal 6.x versions prior to 6.x-3.3

Drupal core is not affected. If you do not use the contributed ImageField [1]
module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------

Install the latest version.
* If you use ImageField for Drupal 6.x upgrade to ImageField 6.x-3.3 [2]

-------- REPORTED BY
---------------------------------------------------------

* vb1 [3]

-------- FIXED BY
------------------------------------------------------------

* Nathan Haug [4] the module maintainer

-------- CONTACT
-------------------------------------------------------------

The security team for Drupal can be reached at security at drupal.org or via
the form at http://drupal.org/contact.

[1] http://drupal.org/project/imagefield
[2] http://drupal.org/node/791030
[3] http://drupal.org/user/690402
[4] http://drupal.org/user/35821

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
http://lists.drupal.org/mailman/listinfo/security-news


  • [IT-SecurityNotifies] [Security-news] SA-CONTRIB-2010-041: ImageField - Access Bypass, security-news, 06.05.2010

Archiv bereitgestellt durch MHonArc 2.6.19.

Seitenanfang