Debian update for drupal7



Published: 2018-10-20
Risk High
Patch available YES
Number of vulnerabilities 4
CVE-ID CVE-2018-7602
CVE-2018-7600
CWE-ID CWE-78
CWE-601
CWE-94
Exploitation vector Network
Public exploit Vulnerability #3 is being exploited in the wild.
Vulnerability #4 is being exploited in the wild.
Vulnerable software
Subscribe 		drupal7 (Debian package)
Operating systems & Components / Operating system package or component

Vendor Debian

Security Bulletin

This security bulletin contains information about 4 vulnerabilities.

1) OS command injection

EUVDB-ID: #VU15405

Risk: High

CVSSv3.1: 8.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-78 - Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to compromise vulnerable system.

The vulnerability exists due to insufficient sanitization of the user-supplied input when sending email messages via DefaultMailSystem::mail() function. A remote attacker can inject and execute arbitrary OS commands on the vulnerable system with privileges of the web server.

Mitigation

Update the affected package to version: 7.52-2+deb9u5.

Vulnerable software versions

drupal7 (Debian package): 7.0-1 - 7.52-2+deb9u4

External links

http://www.debian.org/security/2018/dsa-4323


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

2) Open redirect

EUVDB-ID: #VU15403

Risk: Low

CVSSv3.1: 2.4 [CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]

CVE-ID: N/A

CWE-ID: CWE-601 - URL Redirection to Untrusted Site ('Open Redirect')

Exploit availability: No

Description

The vulnerability allows a remote authenticated attacker to perform open redirection attacks.

The vulnerability exists due to the attacker with "administer paths" permissions can use a particular path in the URL that leads to open redirect.

Mitigation

Update the affected package to version: 7.52-2+deb9u5.

Vulnerable software versions

drupal7 (Debian package): 7.0-1 - 7.52-2+deb9u4

External links

http://www.debian.org/security/2018/dsa-4323


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote authenticated privileged user via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

3) Code injection

EUVDB-ID: #VU12182

Risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-7602

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable website.

The vulnerability exists due to improper input validation when processing HTTP requests. A remote unauthenticated attacker can send a specially crafted HTTP request to vulnerable website and compromise it.

Successful exploitation of the vulnerability may allow an attacker to gain full access to vulnerable website.

Note: the vendor updated the original advisory stating that this vulnerability is being exploited in the wild.

Mitigation

Update the affected package to version: 7.52-2+deb9u5.

Vulnerable software versions

drupal7 (Debian package): 7.0-1 - 7.52-2+deb9u4

External links

http://www.debian.org/security/2018/dsa-4323


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.

4) Code injection

EUVDB-ID: #VU11317

Risk: High

CVSSv3.1: 9.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2018-7600

CWE-ID: CWE-94 - Improper Control of Generation of Code ('Code Injection')

Exploit availability: Yes

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to unspecified error within multiple subsystems of Drupal installation. A remote unauthenticated attacker can execute arbitrary code on the target system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Mitigation

Update the affected package to version: 7.52-2+deb9u5.

Vulnerable software versions

drupal7 (Debian package): 7.0-1 - 7.52-2+deb9u4

External links

http://www.debian.org/security/2018/dsa-4323


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.



###SIDEBAR###