[drupal-peru] [Security-news] SA-CONTRIB-2010-040: FileField - Access Bypass

1 view
Skip to first unread message

securi...@drupal.org

unread,
May 5, 2010, 8:42:24 PM5/5/10
to securi...@drupal.org
* Advisory ID: DRUPAL-SA-CONTRIB-2010-40
* Project: FileField (third-party module)
* Version: 6.x
* Date: 2010-May-5
* Security risk: Moderately Critical
* Exploitable from: Remote
* Vulnerability: Access Bypass

-------- DESCRIPTION
---------------------------------------------------------

FileField provides a file upload field for CCK, allowing files to be attached
to a node. FileField intends to set a default extension of "txt" for all new
fields, but may actually save an empty string allowing all extensions if an
administrator does not save the field configuration page after creating a new
field. Execution of code in uploaded files is normally prevented by .htaccess
rules, regardless of file extension. Any FileField that has been initially
saved or edited with any extensions specified is not affected. This
vulnerability is mitigated by the attacker needing permission to create or
edit content with an unconfigured FileField.
-------- VERSIONS AFFECTED
---------------------------------------------------

* FileField for Drupal 6.x versions prior to 6.x-3.3

Drupal core is not affected. If you do not use the contributed FileField [1]
module, there is nothing you need to do.
-------- SOLUTION
------------------------------------------------------------

Install the latest version.
* If you use FileField for Drupal 6.x upgrade to FileField 6.x-3.3 [2]

-------- REPORTED BY
---------------------------------------------------------

* David Rothstein [3] of the Drupal Security Team

-------- FIXED BY
------------------------------------------------------------

* Nathan Haug [4] the module maintainer

-------- CONTACT
-------------------------------------------------------------

The security team for Drupal can be reached at security at drupal.org or via
the form at http://drupal.org/contact.

[1] http://drupal.org/project/filefield
[2] http://drupal.org/node/791032
[3] http://drupal.org/user/124982
[4] http://drupal.org/user/35821

_______________________________________________
Security-news mailing list
Securi...@drupal.org
http://lists.drupal.org/mailman/listinfo/security-news

--
Has recibido este mensaje porque estás suscrito a Grupo "Drupal Perú"
de Grupos de Google.
Si quieres publicar en este grupo, envía un mensaje de correo
electrónico a drupa...@googlegroups.com
Y revisa las reglas
http://groups.google.es/group/drupal-peru/web
Para anular la suscripción a este grupo, envía un mensaje a
drupal-peru...@googlegroups.com
Para obtener más opciones, visita este grupo en
http://groups.google.es/group/drupal-peru?hl=es.
Reply all
Reply to author
Forward
0 new messages