- Advisory ID: DRUPAL-SA-CONTRIB-2010-098
- Project: memcache (third-party module)
- Version: 5.x, 6.x
- Date: 2010-September-29
- Security risk: Moderately critical
- Exploitable from: Remote
- Vulnerability: Access bypass, Cross-Site Scripting
Description
The Memcache project provides an alternative cache backend which works with memcached program to speed up high traffic sites.
The memcache backend caches the current $user object a little too aggressively, which can lead to a role change not being recognized until the user logs in again.
The memcache_admin module does not sanitize some of the user supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability which can be used by a malicious user to gain full administrative access.
CVE identifier(s) issued
- CVE-2010-5276 for the user role issue
- CVE-2010-5275 for the XSS issue
Versions affected
- Memcache for Drupal 6.x versions prior to 6.x-1.6
- Memcache for Drupal 5.x versions prior to 5.x-1.10
Drupal core is not affected. If you do not use the contributed Memcache backend there is nothing you need to do.
Solution
Install the latest version:
- If you use the Memcache for Drupal 6.x, upgrade to Memcache 6.x-1.6
- If you use the Memcache for Drupal 5.x, upgrade to Memcache 5.x-2.10
See also the Memcache project page.
Reported by
- Justin James Grevich (jgrevich)
- Moshe Weitzman, of the Drupal Security Team
Fixed by
- Robert Douglass (robertDouglass), module maintainer
- Moshe Weitzman, of the Drupal Security Team
Contact
The Drupal security team can be reached at security at drupal.org or via the form at http://drupal.org/contact.
