Drupal Page Caching Unspecified Vulnerability

Vulnerability ID 1192209 Vulnerability type Design error
Published 2007-01-08 Updated 2007-01-11
CVE ID CVE-2007-0124 CNNVD-ID CNNVD-200701-072
Platform N/A CVSS score 3.5
|Vulnerability source
https://cxsecurity.com/issue/WLB-2007010031
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200701-072
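|Vulnerability details
An unspecified vulnerability exists in Drupal versions before 4.6.11 and 4.7.x versions before 4.7.5. When MySQL is used, remote authenticated users can poison the page cache via unspecified vectors, causing a denial of service. This triggers erroneous HTTP 404 error responses for existing pages.
|Vulnerability EXP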
----------------------------------------------------------------------------
Drupal security advisory                                  DRUPAL-SA-2007-002
----------------------------------------------------------------------------
Project:          Drupal core.
Date:             2007-Jan-05.
Security risk:    Less critical.
Exploitable from: Remote.
Vulnerability:    Denial of service.
----------------------------------------------------------------------------

Description
-----------
The way page caching was implemented allows a denial of service attack. 
An attacker has to have the ability to post content on the site. He or she 
would then be able to poison the page cache, so that it returns cached 404 
page not found errors for existing pages.

If the page cache is not enabled, your site is not vulnerable. The 
vulnerability only affects sites running on top of MySQL.

Versions affected
-----------------
- Drupal 4.6.x versions before Drupal 4.6.11
- Drupal 4.7.x versions before Drupal 4.7.5

Solution
--------
- If you are running Drupal 4.6.x then upgrade to Drupal 4.6.11.
   http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.6.11.tar.gz
- If you are running Drupal 4.7.x then upgrade to Drupal 4.7.5.
   http://ftp.osuosl.org/pub/drupal/files/projects/drupal-4.7.5.tar.gz

- To patch Drupal 4.6.10 use http://drupal.org/files/sa-2006-002/4.6.10.patch.
- To patch Drupal 4.7.4 use http://drupal.org/files/sa-2006-002/4.7.4.patch.

Please note that the patches only contain changes related to this advisory, and 
do not fix bugs that were solved in 4.6.11 or 4.7.5.

Reported by
-----------
Drupal security team.

Contact
-------
The security contact for Drupal can be reached at security at drupal.org or 
using the form at http://drupal.org/contact.

// Uwe Hermann, on behalf of the Drupal Security Team.
-- 
http://www.hermann-uwe.de  | http://www.holsham-traders.de
http://www.crazy-hacks.org | http://www.unmaintained-free-software.org
|References

Source: BID
Name: 21895
Link: http://www.securityfocus.com/bid/21895
Source: BUGTRAQ
Name: 20070105 [DRUPAL-SA-2007-002] Drupal 4.6.11/4.7.5 fixes DoS issue
Link: http://www.securityfocus.com/archive/1/archive/1/456056/100/0/threaded
Source: VUPEN
Name: ADV-2007-0051
Link: http://www.frsirt.com/english/advisories/2007/0051
Source: SECUNIA
Name: 23586
Link: http://secunia.com/advisories/23586
Source: CONFIRM
Name: http://drupal.org/node/104238
Link: http://drupal.org/node/104238
Source: OSVDB
Name: 32131
Link: http://osvdb.org/32131
Source: SREASON
Name: 2115
Link: http://securityreason.com/securityalert/2115