it-securitynotifies - [IT-SecNots] [Security-news] SA-CONTRIB-2011-031 - SunMailer - Access bypass
  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecNots] [Security-news] SA-CONTRIB-2011-031 - SunMailer - Access bypass
  • Date: Wed, 20 Jul 2011 20:16:53 +0000 (UTC)
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>

* Advisory ID: SA-CONTRIB-2011-31
* Project: SunMailer Newsletter [1] (third-party module)
* Version: 6.x
* Date: 2011-July-20
* Security risk: Less critical [2]
* Exploitable from: Remote
* Vulnerability: Access bypass

-------- DESCRIPTION
---------------------------------------------------------

SunMailer Newsletter creates an email newsletter that users can subscribe to.
The module includes a page where authenticated users can view and/or edit
their newsletter subscription. Access to this page was accidentally granted
to anonymous users, creating an access bypass that disclosed all users'
newsletter subscriptions to anonymous users and also allowed anonymous users
to tamper with those subscriptions.

This vulnerability is mitigated by the fact that the page does not disclose the
email address of the subscriber. The vulnerable page is also reachable only by
requesting the URL of a user's subscription page directly; no link to it is
shown in the user interface.
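The following Drupal 6 snippet is an added illustration of the class of mistake described above; it is not code from the SunMailer module and makes no claim about how that module's menu entries were actually written. The module name `example_newsletter`, the paths, the form builder and the permission name `administer newsletter subscriptions` are all hypothetical. It places a menu item whose access callback is simply `TRUE` (reachable by anonymous visitors even though nothing links to it) next to one guarded by a dedicated access callback that refuses anonymous users and restricts the page to the account owner or an administrator.

```php
<?php
// Added example, not part of the SunMailer module. Module name, paths,
// permission name and form builder are hypothetical.

/**
 * Implements hook_perm() (Drupal 6) to declare the hypothetical admin permission.
 */
function example_newsletter_perm() {
  return array('administer newsletter subscriptions');
}

/**
 * Implements hook_menu().
 */
function example_newsletter_menu() {
  $items = array();

  // WEAK: 'access callback' => TRUE means the menu system grants access to
  // everyone, including anonymous visitors, for any user ID in the path.
  // No link to the page is needed; requesting the URL directly is enough.
  $items['user/%user/newsletter-weak'] = array(
    'title' => 'Newsletter subscription',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('example_newsletter_subscription_form', 1),
    'access callback' => TRUE,
    'type' => MENU_LOCAL_TASK,
  );

  // HARDENED: a dedicated access callback receives the loaded account from the
  // %user wildcard and decides per request whether the visitor may see it.
  $items['user/%user/newsletter'] = array(
    'title' => 'Newsletter subscription',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('example_newsletter_subscription_form', 1),
    'access callback' => 'example_newsletter_subscription_access',
    'access arguments' => array(1),
    'type' => MENU_LOCAL_TASK,
  );

  return $items;
}

/**
 * Menu access callback: may the current visitor view/edit $account's subscription?
 *
 * @param object $account
 *   The user object loaded by the %user wildcard in the path.
 *
 * @return bool
 *   TRUE only for the account owner or a holder of the admin permission.
 */
function example_newsletter_subscription_access($account) {
  global $user;

  // Anonymous visitors (uid 0) are always refused; this is the check whose
  // absence turns the page into an access bypass.
  if (empty($user->uid)) {
    return FALSE;
  }

  // Owner of the account, or someone holding the explicit admin permission.
  return ($user->uid == $account->uid)
    || user_access('administer newsletter subscriptions');
}

/**
 * Minimal form builder so the menu items above resolve to a real page.
 * Storage of the subscription flag is intentionally out of scope here.
 */
function example_newsletter_subscription_form(&$form_state, $account) {
  $form['subscribed'] = array(
    '#type' => 'checkbox',
    '#title' => t('Receive the newsletter'),
    '#default_value' => 0,
  );
  $form['submit'] = array('#type' => 'submit', '#value' => t('Save'));
  return $form;
}
```

The difference worth noting is that `'access callback' => TRUE` is evaluated once as a constant, whereas the hardened entry calls a function on every request with the account from the URL, so ownership is checked against the path argument rather than only against whether some user happens to be logged in. Reviewing a module's `hook_menu()` for items whose access callback is `TRUE` or whose `access arguments` do not match the page's sensitivity is the quickest way to spot this pattern.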

-------- VERSIONS AFFECTED
---------------------------------------------------

* 6.x-1.6 or prior versions

Drupal core is not affected. If you do not use the contributed SunMailer
Newsletter [3] module, there is nothing you need to do.

-------- SOLUTION
------------------------------------------------------------

Install the latest version:

* If you use the SunMailer Newsletter module for Drupal 6.x, upgrade to
version 6.x-1.7 [4]

See also the SunMailer Newsletter [5] project page.

-------- REPORTED BY
---------------------------------------------------------

* Mike Wacker [6], the module maintainer

-------- FIXED BY
------------------------------------------------------------

* Mike Wacker [7], the module maintainer

-------- CONTACT AND MORE INFORMATION
----------------------------------------

The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [8].

Learn more about the Drupal Security team and their policies [9], writing
secure code for Drupal [10], and securing your site [11].


[1] http://drupal.org/project/sunmailer
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/sunmailer
[4] http://drupal.org/node/1199658
[5] http://drupal.org/project/sunmailer
[6] http://drupal.org/user/79520
[7] http://drupal.org/user/79520
[8] http://drupal.org/contact
[9] http://drupal.org/security-team
[10] http://drupal.org/writing-secure-code
[11] http://drupal.org/security/secure-configuration

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
http://lists.drupal.org/mailman/listinfo/security-news



