- Advisory ID: DRUPAL-SA-2006-019
- Project: Pubcookie 4.6, 4.7
- Date: 2006-Sep-8
- Security risk: highly critical
- Exploitable from: remote
- Vulnerability: security bypass
Description
It is possible for a malicious user to spoof a user's identity by bypassing the login redirection mechanism in the pubcookie module. The malicious user may gain the privileges of the user they are spoofing, including the administrative user.
Versions affected
Drupal core is not affected. If you do not use the pubcookie module (which provides single sign-on for organizations using pubcookie), there is nothing you need to do.
If you are running pubcookie, please check the CVS $Id$ field on the second line of the file pubcookie.module to determine whether the version you are running is vulnerable. Versions older than the following are vulnerable:
- Drupal 4.6 - // $Id: pubcookie.module,v 1.2.2.4 2006/09/07 01:44:11 jvandyk Exp $
- Drupal 4.7 - // $Id: pubcookie.module,v 1.6.2.1 2006/09/06 22:43:31 jvandyk Exp $
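The check above can be automated for a fleet of sites. The following script is an added example, not part of the advisory or the pubcookie project: it reads the CVS $Id$ keyword from the top of pubcookie.module, confirms the revision is on the branch expected for the site's Drupal version, and reports the file as vulnerable when its revision is older than the fixed revision listed above. The two module headers it runs against are constructed sample input embedded in the script; on a real site, pass the contents of your own pubcookie.module.

```python
import re
from typing import Optional, Tuple

# Fixed CVS revisions taken from the advisory, keyed by Drupal branch.
# A revision older than the listed one is vulnerable.
FIXED_REVISIONS = {
    "4.6": "1.2.2.4",
    "4.7": "1.6.2.1",
}

# Matches the expanded CVS keyword, e.g.
# "// $Id: pubcookie.module,v 1.2.2.4 2006/09/07 01:44:11 jvandyk Exp $"
ID_RE = re.compile(
    r"\$Id:\s+pubcookie\.module,v\s+(?P<rev>[0-9]+(?:\.[0-9]+)+)\s"
)


def parse_revision(module_source: str) -> Optional[str]:
    """Return the CVS revision from the $Id$ keyword near the top of the file, or None."""
    # The advisory says the keyword is on the second line; scanning the first
    # few lines tolerates an extra comment or blank line above it.
    for line in module_source.splitlines()[:5]:
        m = ID_RE.search(line)
        if m:
            return m.group("rev")
    return None


def revision_tuple(rev: str) -> Tuple[int, ...]:
    """Convert '1.2.2.4' into (1, 2, 2, 4) so revisions compare numerically."""
    return tuple(int(part) for part in rev.split("."))


def same_branch(rev_a: str, rev_b: str) -> bool:
    """Two CVS revisions are on the same branch when all but the last number agree."""
    ta, tb = revision_tuple(rev_a), revision_tuple(rev_b)
    return len(ta) == len(tb) and ta[:-1] == tb[:-1]


def is_vulnerable(module_source: str, drupal_branch: str) -> bool:
    """True if pubcookie.module is older than the fixed revision for this Drupal branch.

    Raises ValueError when the file has no $Id$ keyword or the revision is on
    an unexpected branch, so an unrecognised file is never silently reported safe.
    """
    rev = parse_revision(module_source)
    if rev is None:
        raise ValueError("no $Id$ keyword found in pubcookie.module; verify manually")
    fixed = FIXED_REVISIONS[drupal_branch]
    if not same_branch(rev, fixed):
        raise ValueError(
            f"revision {rev} is not on the expected branch for Drupal {drupal_branch}"
        )
    return revision_tuple(rev) < revision_tuple(fixed)


# Constructed sample file headers (not real copies of pubcookie.module).
SAMPLE_46_OLD = (
    "<?php\n"
    "// $Id: pubcookie.module,v 1.2.2.3 2006/05/01 10:00:00 jvandyk Exp $\n"
)
SAMPLE_47_FIXED = (
    "<?php\n"
    "// $Id: pubcookie.module,v 1.6.2.1 2006/09/06 22:43:31 jvandyk Exp $\n"
)

if __name__ == "__main__":
    for label, source, branch in (
        ("sample 4.6 site", SAMPLE_46_OLD, "4.6"),
        ("sample 4.7 site", SAMPLE_47_FIXED, "4.7"),
    ):
        state = "VULNERABLE" if is_vulnerable(source, branch) else "fixed"
        print(f"{label}: revision {parse_revision(source)} -> {state}")
```

The branch check matters because the 4.6 and 4.7 fixes live on different CVS branches (1.2.2.x and 1.6.2.x); comparing a revision against the wrong branch's fixed number would give a meaningless answer, so the script refuses rather than guesses.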
Solution
Install the latest version:
See also the pubcookie project page.
Reported by
Eric Drechsel.
Contact
The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact.