[Frugalware-security] [ FSA-680 ] drupal6-cck
vmiklos at frugalware.org
Tue Aug 10 00:05:29 CEST 2010
-----BEGIN PGP SIGNED MESSAGE-----
Frugalware Security Advisory FSA-680
Vulnerable versions: <= 6.x_2.6-1
Unaffected versions: >= 6.x_2.7-1locris1
Related bugreport: http://bugs.frugalware.org/task/4243
CVE: No CVE, see http://drupal.org/node/829566.
Some vulnerabilities have been reported in the Drupal Content Construction Kit, which can be exploited by malicious users to disclose sensitive information.
1) A vulnerability in the CCK "Node Reference" module is caused by improper validation of access levels, which can be exploited to gain view access to controlled nodes.
2) Another vulnerability in the "Node Reference" module is caused by improper validation of access levels for a backend URL. This can be exploited to send direct queries to the backend URL and disclose node titles and IDs.
Check if you have drupal6-cck installed:
# pacman-g2 -Q drupal6-cck
If found, then you should upgrade to the latest version:
# pacman-g2 -Sy drupal6-cck
The latest revision of this advisory is available at
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: See http://ftp.frugalware.org/pub/README.GPG for info
-----END PGP SIGNATURE-----