it-securitynotifies - [IT-SecNots] [Security-news] SA-CONTRIB-2011-048 - Certificate Login SQL Injection

it-securitynotifies AT lists.piratenpartei.de

Subject: Security announcements


[IT-SecNots] [Security-news] SA-CONTRIB-2011-048 - Certificate Login SQL Injection


  • From: security-news AT drupal.org
  • To: security-news AT drupal.org
  • Subject: [IT-SecNots] [Security-news] SA-CONTRIB-2011-048 - Certificate Login SQL Injection
  • Date: Wed, 12 Oct 2011 19:39:02 +0000 (UTC)
  • List-archive: <https://service.piratenpartei.de/pipermail/it-securitynotifies>
  • List-id: Sicherheitsankündigungen <it-securitynotifies.lists.piratenpartei.de>

* Advisory ID: DRUPAL-SA-CONTRIB-2011-048
* Project: Certificate Login [1] (third-party module)
* Version: 5.x, 6.x
* Date: 2011-October-12
* Security risk: Critical [2]
* Exploitable from: Remote
* Vulnerability: SQL Injection

-------- DESCRIPTION ---------------------------------------------------------

The Certificate login module provides client certificate authentication of
Drupal users. The authentication is based on the client certificate's data
fields, which are then used as the user name for authentication. The obtained
data isn't properly sanitized using Drupal's database API, which may cause an
SQL injection vulnerability depending on the module settings.
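The pattern the advisory describes, as an added illustration that is not the module's own code: a field taken from the client certificate's subject is used as the user name, once spliced into the SQL text (the defect) and once bound as a query parameter (the fix; in Drupal 6 the equivalent is passing the value through a db_query() placeholder argument). The table, the DN strings and the helper names are constructed for this example.

```python
import sqlite3

# Constructed stand-in for Drupal's {users} table.
SAMPLE_USERS = [(1, "alice"), (2, "bob")]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (uid INTEGER PRIMARY KEY, name TEXT NOT NULL)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def cn_from_subject(subject):
    """Pull the CN out of a subject DN such as '/C=DE/O=Example/CN=alice'.
    The DN is supplied by the client, so the result is untrusted input."""
    for part in subject.lstrip("/").split("/"):
        key, _, value = part.partition("=")
        if key == "CN":
            return value
    return None


def lookup_uid_vulnerable(conn, name):
    # Defect: the certificate field becomes part of the SQL text, so any
    # quote inside it is parsed as SQL syntax rather than compared as data.
    sql = "SELECT uid FROM users WHERE name = '" + name + "'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_uid_fixed(conn, name):
    # Fix: bind the value as a parameter; it can only ever be compared as data.
    row = conn.execute("SELECT uid FROM users WHERE name = ?", (name,)).fetchone()
    return row[0] if row else None


def authenticate(conn, subject, lookup=lookup_uid_fixed):
    """Map a presented certificate subject to a uid, or None if no user matches."""
    name = cn_from_subject(subject)
    return lookup(conn, name) if name else None


def query_breaks(conn, subject):
    """True when the vulnerable lookup fails to parse for this subject, i.e. the
    certificate field reached the SQL parser as syntax instead of as a value."""
    try:
        authenticate(conn, subject, lookup_uid_vulnerable)
        return False
    except sqlite3.OperationalError:
        return True
```

A CN containing a single quote (a perfectly legal DN value such as `o'brien`) is enough to show the difference: the fixed lookup simply finds no user, while the vulnerable one hands the quote to the SQL parser.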

-------- VERSIONS AFFECTED ---------------------------------------------------

* Certificate Login versions prior to 6.x-2.3.

Drupal core is not affected. If you do not use the contributed Certificate
Login [3] module, there is nothing you need to do.

-------- SOLUTION ------------------------------------------------------------

Install the latest version:

* If you use the Certificate Login module for Drupal 6.x, upgrade to
Certificate Login 6.x-2.3 [4].

Note: no Drupal 5.x modules are supported any longer, including the Certificate
Login module for 5.x. If you use Drupal 5.x you should upgrade now.

See also the Certificate Login [5] project page.

-------- REPORTED BY ---------------------------------------------------------

* Jyri-Petteri "ZeiP" Paloposki [6]

-------- FIXED BY ------------------------------------------------------------

* Jyri-Petteri "ZeiP" Paloposki [7], a module maintainer

-------- COORDINATED BY ------------------------------------------------------

* Greg Knaddison [8] of the Drupal Security Team

-------- CONTACT AND MORE INFORMATION ----------------------------------------

The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [9].

Learn more about the Drupal Security team and their policies [10], writing
secure code for Drupal [11], and securing your site [12].


[1] http://drupal.org/project/certificatelogin
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/certificatelogin
[4] https://drupal.org/node/1306488
[5] http://drupal.org/project/certificatelogin
[6] http://drupal.org/user/201465
[7] http://drupal.org/user/201465
[8] http://drupal.org/user/36762
[9] http://drupal.org/contact
[10] http://drupal.org/security-team
[11] http://drupal.org/writing-secure-code
[12] http://drupal.org/security/secure-configuration

_______________________________________________
Security-news mailing list
Security-news AT drupal.org
http://lists.drupal.org/mailman/listinfo/security-news

