Debian DSA-2016-1 : drupal6 - several vulnerabilities
2010-03-15T00:00:00
ID DEBIAN_DSA-2016.NASL Type nessus Reporter This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof. Modified 2010-03-15T00:00:00
Description
Several vulnerabilities (SA-CORE-2010-001) have been discovered in
drupal6, a fully-featured content management framework.
Installation cross site scripting
A user-supplied value is directly output during installation allowing
a malicious user to craft a URL and perform a cross-site scripting
attack. The exploit can only be conducted on sites not yet installed.
Open redirection
The API function drupal_goto() is susceptible to a phishing attack. An
attacker could formulate a redirect in a way that gets the Drupal site
to send the user to an arbitrarily provided URL. No user submitted
data will be sent to that URL.
Locale module cross site scripting
Locale module and dependent contributed modules do not sanitize the
display of language codes, native and English language names properly.
While these usually come from a preselected list, arbitrary
administrator input is allowed. This vulnerability is mitigated by the
fact that the attacker must have a role with the 'administer
languages' permission.
Blocked user session regeneration
Under certain circumstances, a user with an open session that is
blocked can maintain his/her session on the Drupal site, despite being
blocked.
#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Debian Security Advisory DSA-2016. The text
# itself is copyright (C) Software in the Public Interest, Inc.
#
include('deprecated_nasl_level.inc');
include('compat.inc');
if (description)
{
script_id(45057);
script_version("1.9");
script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/04");
script_xref(name:"DSA", value:"2016");
script_name(english:"Debian DSA-2016-1 : drupal6 - several vulnerabilities");
script_summary(english:"Checks dpkg output for the updated package");
script_set_attribute(
attribute:"synopsis",
value:"The remote Debian host is missing a security-related update."
);
script_set_attribute(
attribute:"description",
value:
"Several vulnerabilities (SA-CORE-2010-001) have been discovered in
drupal6, a fully-featured content management framework.
Installation cross site scripting
A user-supplied value is directly output during installation allowing
a malicious user to craft a URL and perform a cross-site scripting
attack. The exploit can only be conducted on sites not yet installed.
Open redirection
The API function drupal_goto() is susceptible to a phishing attack. An
attacker could formulate a redirect in a way that gets the Drupal site
to send the user to an arbitrarily provided URL. No user submitted
data will be sent to that URL.
Locale module cross site scripting
Locale module and dependent contributed modules do not sanitize the
display of language codes, native and English language names properly.
While these usually come from a preselected list, arbitrary
administrator input is allowed. This vulnerability is mitigated by the
fact that the attacker must have a role with the 'administer
languages' permission.
Blocked user session regeneration
Under certain circumstances, a user with an open session that is
blocked can maintain his/her session on the Drupal site, despite being
blocked."
);
script_set_attribute(
attribute:"see_also",
value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572439"
);
script_set_attribute(
attribute:"see_also",
value:"https://www.debian.org/security/2010/dsa-2016"
);
script_set_attribute(
attribute:"solution",
value:
"Upgrade the drupal6 package.
For the stable distribution (lenny), these problems have been fixed in
version 6.6-3lenny5."
);
script_set_attribute(attribute:"risk_factor", value:"High");
script_set_attribute(attribute:"plugin_type", value:"local");
script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:drupal6");
script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:5.0");
script_set_attribute(attribute:"patch_publication_date", value:"2010/03/13");
script_set_attribute(attribute:"plugin_publication_date", value:"2010/03/15");
script_end_attributes();
script_category(ACT_GATHER_INFO);
script_copyright(english:"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
script_family(english:"Debian Local Security Checks");
script_dependencies("ssh_get_info.nasl");
script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
exit(0);
}
include("audit.inc");
include("debian_package.inc");
if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
flag = 0;
if (deb_check(release:"5.0", prefix:"drupal6", reference:"6.6-3lenny5")) flag++;
if (flag)
{
if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
else security_hole(0);
exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");
{"id": "DEBIAN_DSA-2016.NASL", "bulletinFamily": "scanner", "title": "Debian DSA-2016-1 : drupal6 - several vulnerabilities", "description": "Several vulnerabilities (SA-CORE-2010-001) have been discovered in\ndrupal6, a fully-featured content management framework.\n\nInstallation cross site scripting\n\nA user-supplied value is directly output during installation allowing\na malicious user to craft a URL and perform a cross-site scripting\nattack. The exploit can only be conducted on sites not yet installed.\n\nOpen redirection\n\nThe API function drupal_goto() is susceptible to a phishing attack. An\nattacker could formulate a redirect in a way that gets the Drupal site\nto send the user to an arbitrarily provided URL. No user submitted\ndata will be sent to that URL.\n\nLocale module cross site scripting\n\nLocale module and dependent contributed modules do not sanitize the\ndisplay of language codes, native and English language names properly.\nWhile these usually come from a preselected list, arbitrary\nadministrator input is allowed. This vulnerability is mitigated by the\nfact that the attacker must have a role with the 'administer\nlanguages' permission.\n\nBlocked user session regeneration\n\nUnder certain circumstances, a user with an open session that is\nblocked can maintain his/her session on the Drupal site, despite being\nblocked.", "published": "2010-03-15T00:00:00", "modified": "2010-03-15T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.tenable.com/plugins/nessus/45057", "reporter": "This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.", "references": ["https://www.debian.org/security/2010/dsa-2016", "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572439"], "cvelist": [], "type": "nessus", "lastseen": "2021-01-06T09:45:55", "edition": 25, "viewCount": 0, "enchantments": {"dependencies": {"references": [], "modified": "2021-01-06T09:45:55", "rev": 2}, "score": {"value": -0.1, "vector": "NONE", "modified": "2021-01-06T09:45:55", "rev": 2}, "vulnersScore": -0.1}, "sourceData": "#%NASL_MIN_LEVEL 70300\n#\n# (C) Tenable Network Security, Inc.\n#\n# The descriptive text and package checks in this plugin were \n# extracted from Debian Security Advisory DSA-2016. The text \n# itself is copyright (C) Software in the Public Interest, Inc.\n#\n\ninclude('deprecated_nasl_level.inc');\ninclude('compat.inc');\n\nif (description)\n{\n script_id(45057);\n script_version(\"1.9\");\n script_set_attribute(attribute:\"plugin_modification_date\", value:\"2021/01/04\");\n\n script_xref(name:\"DSA\", value:\"2016\");\n\n script_name(english:\"Debian DSA-2016-1 : drupal6 - several vulnerabilities\");\n script_summary(english:\"Checks dpkg output for the updated package\");\n\n script_set_attribute(\n attribute:\"synopsis\", \n value:\"The remote Debian host is missing a security-related update.\"\n );\n script_set_attribute(\n attribute:\"description\", \n value:\n\"Several vulnerabilities (SA-CORE-2010-001) have been discovered in\ndrupal6, a fully-featured content management framework.\n\nInstallation cross site scripting\n\nA user-supplied value is directly output during installation allowing\na malicious user to craft a URL and perform a cross-site scripting\nattack. The exploit can only be conducted on sites not yet installed.\n\nOpen redirection\n\nThe API function drupal_goto() is susceptible to a phishing attack. An\nattacker could formulate a redirect in a way that gets the Drupal site\nto send the user to an arbitrarily provided URL. No user submitted\ndata will be sent to that URL.\n\nLocale module cross site scripting\n\nLocale module and dependent contributed modules do not sanitize the\ndisplay of language codes, native and English language names properly.\nWhile these usually come from a preselected list, arbitrary\nadministrator input is allowed. This vulnerability is mitigated by the\nfact that the attacker must have a role with the 'administer\nlanguages' permission.\n\nBlocked user session regeneration\n\nUnder certain circumstances, a user with an open session that is\nblocked can maintain his/her session on the Drupal site, despite being\nblocked.\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=572439\"\n );\n script_set_attribute(\n attribute:\"see_also\",\n value:\"https://www.debian.org/security/2010/dsa-2016\"\n );\n script_set_attribute(\n attribute:\"solution\", \n value:\n\"Upgrade the drupal6 package.\n\nFor the stable distribution (lenny), these problems have been fixed in\nversion 6.6-3lenny5.\"\n );\n script_set_attribute(attribute:\"risk_factor\", value:\"High\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_set_attribute(attribute:\"cpe\", value:\"p-cpe:/a:debian:debian_linux:drupal6\");\n script_set_attribute(attribute:\"cpe\", value:\"cpe:/o:debian:debian_linux:5.0\");\n\n script_set_attribute(attribute:\"patch_publication_date\", value:\"2010/03/13\");\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2010/03/15\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_copyright(english:\"This script is Copyright (C) 2010-2021 and is owned by Tenable, Inc. or an Affiliate thereof.\");\n script_family(english:\"Debian Local Security Checks\");\n\n script_dependencies(\"ssh_get_info.nasl\");\n script_require_keys(\"Host/local_checks_enabled\", \"Host/Debian/release\", \"Host/Debian/dpkg-l\");\n\n exit(0);\n}\n\n\ninclude(\"audit.inc\");\ninclude(\"debian_package.inc\");\n\n\nif (!get_kb_item(\"Host/local_checks_enabled\")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);\nif (!get_kb_item(\"Host/Debian/release\")) audit(AUDIT_OS_NOT, \"Debian\");\nif (!get_kb_item(\"Host/Debian/dpkg-l\")) audit(AUDIT_PACKAGE_LIST_MISSING);\n\n\nflag = 0;\nif (deb_check(release:\"5.0\", prefix:\"drupal6\", reference:\"6.6-3lenny5\")) flag++;\n\nif (flag)\n{\n if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());\n else security_hole(0);\n exit(0);\n}\nelse audit(AUDIT_HOST_NOT, \"affected\");\n", "naslFamily": "Debian Local Security Checks", "pluginID": "45057", "cpe": ["cpe:/o:debian:debian_linux:5.0", "p-cpe:/a:debian:debian_linux:drupal6"], "scheme": null}
