Drupal 6.x < 6.29 Multiple Vulnerabilities

medium Nessus Plugin ID 71144

Synopsis

The remote web server is running a PHP application that is affected by multiple vulnerabilities.

Description

The remote web server is running a version of Drupal that is 6.x prior to 6.29. It is, therefore, potentially affected by multiple vulnerabilities :

- An error exists related to the HTML form API and validation callbacks as used by third-party modules that could allow an attacker to bypass the cross-site request forgery protections. (CVE-2013-6385)

- An error exists in the function mt_rand(), used for pseudorandom number generation, that could allow an attacker to obtain seeds through brute-force attacks.
(CVE-2013-6386)

- On Apache web servers containing application code that does not protect against the execution of uploaded files, it may be possible to upload arbitrary PHP files and cause them to execute. Note that if the intended remediation is an upgrade and the server is an Apache server, a manual fix is required. (BID 63845)

- An error exists in the function drupal_valid_token() that could allow it to validate invalid tokens, thus allowing a security bypass. Note that an attacker must be able to cause a non-string value to be passed to the function for a successful attack. (BID 63849)

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version number.

Solution

Upgrade to version 6.29 or later.

See Also

https://www.drupal.org/SA-CORE-2013-003

https://www.drupal.org/project/drupal/releases/6.29

Plugin Details

Severity: Medium

ID: 71144

File Name: drupal_6_29.nasl

Version: 1.14

Type: remote

Family: CGI abuses

Published: 11/30/2013

Updated: 4/11/2022

Configuration: Enable paranoid mode, Enable thorough checks

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.8

CVSS v2

Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:drupal:drupal

Required KB Items: www/PHP, installed_sw/Drupal, Settings/ParanoidReport

Exploit Ease: No known exploits are available

Patch Publication Date: 11/20/2013

Vulnerability Publication Date: 11/20/2013

Reference Information

CVE: CVE-2013-6385, CVE-2013-6386

BID: 63837, 63840, 63845, 63849