Debian DSA-3346-1 : drupal7 - security update

2015-09-02T00:00:00
ID DEBIAN_DSA-3346.NASL
Type nessus
Reporter Tenable
Modified 2015-11-01T00:00:00

Description

Several vulnerabilities were discovered in Drupal, a content management framework :

  • CVE-2015-6658 The form autocomplete functionality did not properly sanitize the requested URL, allowing remote attackers to perform a cross-site scripting attack.

  • CVE-2015-6659 The SQL comment filtering system could allow a user with elevated permissions to inject malicious code in SQL comments.

  • CVE-2015-6660 The form API did not perform form token validation early enough, allowing the file upload callbacks to be run with untrusted input. This could allow remote attackers to upload files to the site under another user's account.

  • CVE-2015-6661 Users without the 'access content' permission could see the titles of nodes that they do not have access to, if the nodes were added to a menu on the site that the users have access to.

  • CVE-2015-6665 Remote attackers could perform a cross-site scripting attack by invoking Drupal.ajax() on a whitelisted HTML element.

                                        
                                            #
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-3346. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include("compat.inc");

if (description)
{
  script_id(85726);
  script_version("$Revision: 2.4 $");
  script_cvs_date("$Date: 2015/11/01 04:40:10 $");

  script_cve_id("CVE-2015-6658", "CVE-2015-6659", "CVE-2015-6660", "CVE-2015-6661", "CVE-2015-6665");
  script_xref(name:"DSA", value:"3346");

  script_name(english:"Debian DSA-3346-1 : drupal7 - security update");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"Several vulnerabilities were discovered in Drupal, a content
management framework :

  - CVE-2015-6658
    The form autocomplete functionality did not properly
    sanitize the requested URL, allowing remote attackers to
    perform a cross-site scripting attack.

  - CVE-2015-6659
    The SQL comment filtering system could allow a user with
    elevated permissions to inject malicious code in SQL
    comments.

  - CVE-2015-6660
    The form API did not perform form token validation early
    enough, allowing the file upload callbacks to be run
    with untrusted input. This could allow remote attackers
    to upload files to the site under another user's
    account.

  - CVE-2015-6661
    Users without the 'access content' permission could see
    the titles of nodes that they do not have access to, if
    the nodes were added to a menu on the site that the
    users have access to.

  - CVE-2015-6665
    Remote attackers could perform a cross-site scripting
    attack by invoking Drupal.ajax() on a whitelisted HTML
    element."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-6658"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-6659"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-6660"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-6661"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2015-6665"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/wheezy/drupal7"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/jessie/drupal7"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.debian.org/security/2015/dsa-3346"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the drupal7 packages.

For the oldstable distribution (wheezy), these problems have been
fixed in version 7.14-2+deb7u11.

For the stable distribution (jessie), these problems have been fixed
in version 7.32-1+deb8u5."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:drupal7");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:7.0");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:8.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2015/08/31");
  script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/02");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2015 Tenable Network Security, Inc.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"7.0", prefix:"drupal7", reference:"7.14-2+deb7u11")) flag++;
if (deb_check(release:"8.0", prefix:"drupal7", reference:"7.32-1+deb8u5")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");