[3/5] Drupal Simple Access Module Security Bypass

April 10th, 2008 by

[3/5] Drupal Simple Access Module Security Bypass

:A security issue has been reported in the Simple Access module for Drupal, which can be exploited by malicious people to bypass certain security restrictions.Privacy information for a node can be removed due to an unspecified error, usually triggered by other modules like Node clone or Project issue tracking. This can be exploited to make private nodes public. No further information is currently available.The security issue is reported in 5.x-1.2-2 and all prior versions.Solution:Update to version 5.x-1.3.Provided and/or discovered by:Derek Wright, Drupal Security TeamOriginal Advisory:DRUPAL-SA-2008-025:http://drupal.org/node/244560

Original post by pooja

[3/5] Drupal Simple Access Module Security Bypass

Related Articles:

[2/5] Drupal Forward Module Access Restriction Bypass

[2/5] Drupal Print Module Access Restriction Bypass

[3/5] Drupal Secure Site Module Security Bypass Vulnerability

[2/5] Drupal Header Image Module Security Bypass Vulnerability

[2/5] Drupal Project and Project Issue Tracking Modules Insecure Permissions

Posted in Advisories - Exploits | | [3/5] Drupal Simple Access Module Security Bypass

<< [4/5] Avaya SIP Enablement Services Multiple Vulnerabilities | [4/5] CDNetworks Nefficient Download NeffyLauncher ActiveX Control Directory Traversal >>

Cybertrion Systems

[3/5] Drupal Simple Access Module Security Bypass

Categories

Archives:

Search:

Meta: