Drupal Session Fixation Vulnerability

Vulnerability ID: 1195731    Vulnerability type: authorization issue
Published: 2006-03-14    Updated: 2006-03-17
CVE ID: CVE-2006-1228    CNNVD ID: CNNVD-200603-266
Platform: N/A    CVSS score: 5.1
|Vulnerability source
https://cxsecurity.com/issue/WLB-2006030072
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200603-266
|Vulnerability details
A session fixation vulnerability exists in Drupal 4.5.x before 4.5.8 and 4.6.x before 4.6.6. A remote attacker can gain the privileges of a user by tricking that user into clicking a URL that carries a pre-chosen (fixed) session identifier, which the site then keeps after the user logs in.
|Vulnerability EXP
----------------------------------------------------------------------------
Drupal security advisory                                  DRUPAL-SA-2006-003
----------------------------------------------------------------------------
Advisory ID:    DRUPAL-SA-2006-003
Project:        Drupal core
Date:           2006-03-13
Security risk:  less critical
Impact:         hijacking
Where:          from remote
Vulnerability:  session fixation attack
----------------------------------------------------------------------------

Description
-----------
If someone creates a clever enough URL and convinces you to click on it, and
you later log in but you do not log off then the attacker may be able to
impersonate you.

Versions affected
-----------------
All Drupal versions before 4.6.6.

Solution
--------
The fix to this issue requires PHP 4.3.2 or higher, which is higher than the
minimum requirements for the Drupal 4.5.x branch. If you are still running 
an older version of PHP, you must upgrade it or this issue will not be
fixed.

If you are running Drupal 4.5.x then upgrade to Drupal 4.5.8.
If you are running Drupal 4.6.x then upgrade to Drupal 4.6.6.

Reported by
-----------
Markus Petrux

Contact
-------
The security contact for Drupal can be reached at security (at) drupal (dot) org
or using the form at http://drupal.org/contact.
More information is available from http://drupal.org/security or from
our security RSS feed http://drupal.org/security/rss.xml.

// Uwe Hermann, on behalf of the Drupal Security Team.
-- 
Uwe Hermann 
http://www.hermann-uwe.de
http://www.it-services-uh.de  | http://www.crazy-hacks.org 
http://www.holsham-traders.de | http://www.unmaintained-free-software.org
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2 (GNU/Linux)

iD8DBQFEFiQHXdVoV3jWIbQRAiXMAJ0Yw2A5+Qy5OR6axr+lw5qji4JhYwCbB6sx
ZSSuZE8vP3+SZTGk8ZQo8gk=
=QyuT
-----END PGP SIGNATURE-----
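The advisory's solution section states that the fix needs PHP 4.3.2 or newer; that is the PHP release that introduced session_regenerate_id(), and the example below assumes this is the mechanism the fix relies on. It is added here for illustration and is not Drupal's patch or any Drupal code: a plain-PHP login handler that issues a fresh session identifier at the moment a user authenticates, so an identifier that arrived with a crafted URL before login never becomes the identifier of an authenticated session. The `verify_credentials` store, the `alice` account and the chosen ini settings are constructed for the example; `session.use_strict_mode` and the `true` argument to session_regenerate_id() require PHP releases newer than the ones the 2006 advisory targets.

```php
<?php
declare(strict_types=1);

// Added illustration (not Drupal's own code): mitigating session fixation
// in a PHP login flow. Settings and accounts below are constructed.

// Refuse session IDs carried in the URL, never rewrite links to include the
// ID, and (PHP >= 5.5.2) reject IDs the server itself never issued.
ini_set('session.use_only_cookies', '1');
ini_set('session.use_trans_sid', '0');
ini_set('session.use_strict_mode', '1');
ini_set('session.cookie_httponly', '1');
session_start();

function verify_credentials(string $user, string $pass): bool
{
    // Constructed single-user store; hashed on the fly only to keep the
    // example self-contained. A real store holds precomputed hashes.
    $hashes = ['alice' => password_hash('example-password', PASSWORD_DEFAULT)];
    return isset($hashes[$user]) && password_verify($pass, $hashes[$user]);
}

// Vulnerable pattern (what the advisory describes): keep whatever session ID
// the browser presented and simply mark it authenticated. An ID planted via a
// crafted URL before login would then be the ID of the logged-in session.
function login_without_regeneration(string $user, string $pass): bool
{
    if (!verify_credentials($user, $pass)) {
        return false;
    }
    $_SESSION['uid'] = $user;          // pre-login ID is promoted unchanged
    return true;
}

// Hardened pattern: regenerate the ID at the privilege boundary. The 'true'
// argument (PHP >= 5.1.0) deletes the old session data so the previously
// known ID no longer resolves to anything.
function login(string $user, string $pass): bool
{
    if (!verify_credentials($user, $pass)) {
        return false;
    }
    $old = session_id();
    session_regenerate_id(true);
    $_SESSION['uid']     = $user;
    $_SESSION['auth_at'] = time();
    return session_id() !== $old;      // new ID was issued
}

// Logging out must invalidate the server-side session as well as the
// cookie; the advisory notes the attack window lasts until logoff.
function logout(): void
{
    $_SESSION = [];
    if (ini_get('session.use_cookies')) {
        $p = session_get_cookie_params();
        setcookie(session_name(), '', time() - 42000,
                  $p['path'], $p['domain'], $p['secure'], $p['httponly']);
    }
    session_destroy();
}

// Minimal request handling for the hardened login.
if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    $ok = login((string)($_POST['user'] ?? ''), (string)($_POST['pass'] ?? ''));
    header('Location: ' . ($ok ? '/home' : '/login?failed=1'), true, 302);
    exit;
}
```

The only difference between the two login functions is the session_regenerate_id() call; everything else (cookie-only transport, strict mode, full destruction on logout) narrows the remaining ways an outside party could learn or plant an identifier, and is how a reviewer would check a PHP application for the class of weakness this advisory describes.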
|References

Source: BUGTRAQ    Name: 20060314 [DRUPAL-SA-2006-003] Drupal 4.6.6 / 4.5.8 fixes session fixation issue    Link: http://www.securityfocus.com/archive/1/archive/1/427589/100/0/threaded
Source: SECUNIA    Name: 19245    Link: http://secunia.com/advisories/19245
Source: CONFIRM    Name: http://drupal.org/node/53805    Link: http://drupal.org/node/53805
Source: XF    Name: drupal-login-session-hijacking(25205)    Link: http://xforce.iss.net/xforce/xfdb/25205
Source: BID    Name: 17104    Link: http://www.securityfocus.com/bid/17104
Source: OSVDB    Name: 23911    Link: http://www.osvdb.org/23911
Source: DEBIAN    Name: DSA-1007    Link: http://www.debian.org/security/2006/dsa-1007
Source: SREASON    Name: 580    Link: http://securityreason.com/securityalert/580
Source: SECUNIA    Name: 19257    Link: http://secunia.com/advisories/19257