  • Advisory ID: DRUPAL-SA-CONTRIB-2009-051
  • Project: ImageCache (third-party modules)
  • Version: 5.x, 6.x
  • Date: 2009-August-19
  • Security risk: Less critical
  • Exploitable from: Remote
  • Vulnerability: Multiple vulnerabilities

Description

ImageCache allows one to set up presets for image processing to create derivatives. ImageCache will dynamically generate a derivative on access if it doesn't exist.

Cross site scripting

Users with the "administer imagecache" permission are able to execute cross site scripting attacks because the ImageCache module doesn't properly escape a number of user-supplied preset variables before output.

Access bypass

ImageCache doesn't properly check access to originals when generating derivative images. When the private filesystem is enabled, and access to images is restricted, unprivileged users may still access an image if they know the image's filename.
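
The following is an added example, not ImageCache or Drupal code, that models the access bypass described above: a derivative handler that never consults the original's access rules, beside one that enforces them before generating anything. The file table, role names and function names are constructed for illustration.

```php
<?php
// Constructed model; all names here are hypothetical, not ImageCache's API.

// Constructed private file store: original path => roles allowed to download it.
$PRIVATE_FILES = array(
  'photos/staff-badge.jpg' => array('editor'),
  'photos/banner.jpg'      => array('anonymous', 'editor'),
);

// Stand-in for the site's download access check on an original file.
function original_access($path, $role) {
  global $PRIVATE_FILES;
  return isset($PRIVATE_FILES[$path]) && in_array($role, $PRIVATE_FILES[$path], TRUE);
}

// Stand-in for image processing: returns a label instead of image bytes.
function build_derivative($preset, $path) {
  return "derivative[$preset]:$path";
}

// Vulnerable shape: a derivative is built for any original that exists, so
// the requester's role is never consulted.
function serve_derivative_unchecked($preset, $path, $role) {
  global $PRIVATE_FILES;
  if (!isset($PRIVATE_FILES[$path])) {
    return array(404, NULL);
  }
  return array(200, build_derivative($preset, $path));
}

// Hardened shape: the requester must pass the check that guards the original
// before a derivative is generated or returned. Unknown paths are also denied,
// so the response does not reveal which restricted files exist.
function serve_derivative_checked($preset, $path, $role) {
  if (!original_access($path, $role)) {
    return array(403, NULL);
  }
  return array(200, build_derivative($preset, $path));
}

// Same anonymous request for a restricted original against both handlers.
foreach (array('serve_derivative_unchecked', 'serve_derivative_checked') as $handler) {
  list($status, $body) = $handler('thumbnail', 'photos/staff-badge.jpg', 'anonymous');
  printf("%-28s anonymous -> %d\n", $handler, $status);
}
```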

Versions affected

  • ImageCache versions for Drupal 5.x prior to 5.x-2.5
  • ImageCache versions for Drupal 6.x prior to 6.x-2.0-beta10

Drupal core is not affected. If you do not use the contributed ImageCache module, there is nothing you need to do.

Solution

Install the latest version:

  • If you use ImageCache on Drupal 5.x, upgrade to 5.x-2.5
  • If you use ImageCache on Drupal 6.x, upgrade to 6.x-2.0-beta10

Beta software is not recommended for use on production sites. Such releases are not supported by the security team. Nevertheless, the maintainer elected to release 6.x-2.0-beta10 fixing the issues described in this announcement.

See also the ImageCache project page.

Reported by

Fixed by

Andrew Morton (the module maintainer).

Contact

The security team for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.