[DRUPAL-SA-2006-001] Drupal 4.6.6 / 4.5.8 fixes access control issue

2006-03-14T00:00:00
ID SECURITYVULNS:DOC:11800
Type securityvulns
Reporter Securityvulns
Modified 2006-03-14T00:00:00

Description


Drupal security advisory DRUPAL-SA-2006-001

Advisory ID: DRUPAL-SA-2006-001 Project: Drupal core Date: 2006-03-13 Security risk: less critical Impact: security bypass Where: from remote Vulnerability: bypass access control


Description

If you use menu.module to create a menu item, the page you point to will be accessible to all, even if it is an admin page.

Versions affected

All Drupal versions before 4.6.6.

Solution

If you are running Drupal 4.5.x then upgrade to Drupal 4.5.8. If you are running Drupal 4.6.x then upgrade to Drupal 4.6.6.

Contact

The security contact for Drupal can be reached at security@drupal.org or using the form at http://drupal.org/contact. More information is available from http://drupal.org/security or from our security RSS feed http://drupal.org/security/rss.xml.

// Uwe Hermann, on behalf of the Drupal Security Team.

Uwe Hermann http://www.hermann-uwe.de http://www.it-services-uh.de | http://www.crazy-hacks.org http://www.holsham-traders.de | http://www.unmaintained-free-software.org