
it-securitynotifies - [IT-SecurityNotifies] [Security-news] SA-CONTRIB-2010-093 - Advanced Taxonomy Blocks - Multiple Vulnerabilities

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements

  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecurityNotifies] [Security-news] SA-CONTRIB-2010-093 - Advanced Taxonomy Blocks - Multiple Vulnerabilities
  • Date: Wed, 15 Sep 2010 19:27:34 +0000 (UTC)
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>

* Advisory ID: DRUPAL-SA-CONTRIB-2010-093
* Project: Advanced Taxonomy Blocks (third-party module)
* Version: 6.x
* Date: 2010-September-15
* Security risk: Moderately critical
* Exploitable from: Remote
* Vulnerability: Cross Site Scripting, Cross Site Request Forgery

-------- DESCRIPTION ---------------------------------------------------------

Advanced Taxonomy Blocks makes use of the JQuery menu module to create
extremely customizable blocks for browsing through single hierarchy
taxonomies. The module contained Cross Site Scripting vulnerabilities which
could allow a malicious user with one of several non-default permissions to
inject arbitrary JavaScript into the administrative pages provided by this
module. The module also contained Cross Site Request Forgery vulnerabilities
which could allow an attacker to trick an administrator into unintentionally
deleting or resetting blocks provided by this module.

-------- VERSIONS AFFECTED ---------------------------------------------------

* Advanced Taxonomy Blocks module for Drupal 6.x versions prior to 6.x-3.4

Drupal core is not affected. If you do not use the contributed Advanced
Taxonomy Blocks [1] module, there is nothing you need to do.

-------- SOLUTION ------------------------------------------------------------

Install the latest version:
* If you use the Advanced Taxonomy Blocks module for Drupal 6.x, upgrade to
Advanced Taxonomy Blocks 6.x-3.4 [2]

See also the Advanced Taxonomy Blocks project page [3].

-------- REPORTED BY ---------------------------------------------------------

* mr.baileys, of the Drupal Security Team.

-------- FIXED BY ------------------------------------------------------------

* Aaron Hawkins, the module maintainer.

-------- CONTACT -------------------------------------------------------------

The Drupal security team [4] can be reached at security at drupal.org or via
the form at http://drupal.org/contact.

[1] http://drupal.org/project/taxonomyblocks
[2] http://drupal.org/node/912584
[3] http://drupal.org/project/taxonomyblocks
[4] http://drupal.org/security-team

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
http://lists.drupal.org/mailman/listinfo/security-news
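
The advisory names two bug classes in the module's administrative pages without describing the affected code. The following is an added illustration for Drupal 6, not code from Advanced Taxonomy Blocks and not the fix shipped in 6.x-3.4: it shows the usual weak form of each pattern in comments beside the hardened form. The module name `example_blocks`, its table and its paths are hypothetical.

```php
<?php
// Hypothetical Drupal 6 module "example_blocks" (assumed names, table and paths).

function example_blocks_menu() {
  $items['admin/build/example-blocks'] = array(
    'title' => 'Example blocks',
    'page callback' => 'example_blocks_overview',
    'access arguments' => array('administer blocks'),
  );
  // Weak form: a 'page callback' that deletes directly would act on a plain
  // GET, so any page the administrator visits could trigger it (CSRF).
  // Hardened form: route through the Form API, which adds and validates a
  // per-session form token before the submit handler runs.
  $items['admin/build/example-blocks/%/delete'] = array(
    'title' => 'Delete block',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('example_blocks_delete_confirm', 3),
    'access arguments' => array('administer blocks'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

function example_blocks_overview() {
  $rows = array();
  $result = db_query('SELECT bid, title FROM {example_blocks}');
  while ($block = db_fetch_object($result)) {
    // Weak form: array($block->title) prints stored user input as HTML (XSS).
    // Hardened form: escape on output with check_plain().
    $rows[] = array(
      check_plain($block->title),
      l(t('delete'), 'admin/build/example-blocks/' . $block->bid . '/delete'),
    );
  }
  return theme('table', array(t('Title'), t('Operations')), $rows);
}

function example_blocks_delete_confirm(&$form_state, $bid) {
  $form['bid'] = array('#type' => 'value', '#value' => (int) $bid);
  return confirm_form($form, t('Delete this block?'), 'admin/build/example-blocks');
}

function example_blocks_delete_confirm_submit($form, &$form_state) {
  db_query('DELETE FROM {example_blocks} WHERE bid = %d', $form_state['values']['bid']);
  drupal_set_message(t('The block has been deleted.'));
  $form_state['redirect'] = 'admin/build/example-blocks';
}
```

When reviewing a contributed module for the same classes of bug, look for menu callbacks that change state without a form or a `drupal_valid_token()` check, and for stored titles or names printed in admin tables without `check_plain()` or `filter_xss()`.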


