---------------------------------------------------------------------------- Drupal security advisory DRUPAL-SA-2005-001 ---------------------------------------------------------------------------- Advisory ID: DRUPAL-SA-2005-001 Date: 2005-jun-01 Security risk: highly critical Impact: system access Where: from remote Vulnerability: privilege escalation ---------------------------------------------------------------------------- Description ----------- The Drupal Security Team has found that the privilege system of Drupal can be circumvented in a very special case because an input check is not implemented properly. Versions affected ----------------- Drupal 4.4.0, 4.4.1, 4.4.2 Drupal 4.5.0, 4.5.1, 4.5.2 Drupal 4.6.0 Impact ------ If public registration is allowed then it is possible for an attacker to obtain additional user roles. As a result, an attacker could grant himself administration privileges. Solution -------- Either upgrade or disable public registration: - If you are running Drupal 4.4.x, then upgrade to Drupal 4.4.3. - If you are running Drupal 4.5.2, then upgrade to Drupal 4.5.3. - If you are running Drupal 4.6.0, then upgrade to Drupal 4.6.1. - If you cannot upgrade immediately, you can secure your site by disabling the public registration of Drupal accounts from Drupal's user administration screen. Log-in as an administrator, go to "administer >> users >> configure" and set the "Public registrations" option to "Only site administrators can create new user accounts". Contact ------- The security contact for Drupal can be reached at security@xxxxxxxxxx or using the form at http://drupal.org/contact. // Uwe Herman, on behalf of the Drupal Security Team. -- Uwe Hermann <uwe@xxxxxxxxxxxxxx> http://www.hermann-uwe.de | http://www.crazy-hacks.org http://www.it-services-uh.de | http://www.phpmeat.org http://www.unmaintained-free-software.org | http://www.holsham-traders.de
Attachment:
signature.asc
Description: Digital signature