  • Advisory ID: DRUPAL-SA-CONTRIB-2010-098
  • Project: memcache (third-party module)
  • Version: 5.x, 6.x
  • Date: 2010-September-29
  • Security risk: Moderately critical
  • Exploitable from: Remote
  • Vulnerability: Access bypass, Cross-Site Scripting

Description

The Memcache project provides an alternative cache backend which works with the memcached program to speed up high-traffic sites.

The memcache backend caches the current $user object a little too aggressively, which can lead to a role change not being recognized until the user logs in again.
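The following Drupal 6 style sketch is an added example, not code from the memcache module, illustrating the failure mode above and the invalidation step that prevents it: a cached copy of the account object is served on later requests, so it must be dropped when the account changes, otherwise a role change only becomes visible once the user logs in again and the object is rebuilt. The bin name `cache_users_example`, the `example_` function names and the existence of the bin's table are assumptions; `cache_get()`, `cache_set()`, `cache_clear_all()`, `user_load()`, `CACHE_TEMPORARY` and `hook_user()` are Drupal 6 core APIs.

```php
<?php
// Added example (not the memcache module's own code). Assumes a cache bin
// table named 'cache_users_example' exists; the hook prefix 'example' is
// hypothetical.

/**
 * Load the account object for $uid, serving it from the cache when present.
 *
 * Without the invalidation in example_user() below, a hit here returns the
 * roles the user had when the entry was written, not the current ones.
 */
function example_load_cached_user($uid) {
  $cid = 'user:' . $uid;
  if ($cache = cache_get($cid, 'cache_users_example')) {
    // Stale roles are served from here if nothing clears the entry.
    return $cache->data;
  }
  $account = user_load(array('uid' => $uid));
  cache_set($cid, $account, 'cache_users_example', CACHE_TEMPORARY);
  return $account;
}

/**
 * Implementation of hook_user().
 *
 * Drop the cached copy whenever the account is saved or deleted, so a role
 * change made by an administrator takes effect on the next request rather
 * than on the next login.
 */
function example_user($op, &$edit, &$account, $category = NULL) {
  switch ($op) {
    case 'update':
    case 'delete':
    case 'logout':
      cache_clear_all('user:' . $account->uid, 'cache_users_example');
      break;
  }
}
```

Note that `hook_user('update')` only fires for edits to the account itself; changes that affect many accounts at once, such as deleting a role, would need a wildcard `cache_clear_all()` on the bin (or a version stamp stored with each entry) to keep the cache honest.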

The memcache_admin module does not sanitize some of the user supplied data before displaying it, leading to a Cross Site Scripting (XSS) vulnerability which can be used by a malicious user to gain full administrative access.
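The following is an added example, not memcache_admin's own code, showing the class of defect described above in a Drupal 6 setting: an administrative statistics table is built from strings that originate in requests, and the vulnerable version places them in markup verbatim while the hardened version passes every untrusted cell through `check_plain()`. The function names, the column layout and the sample row are constructed for illustration; `check_plain()`, `theme('table')` and `t()` are Drupal 6 core.

```php
<?php
// Added example (not memcache_admin's code). The sample row below is
// constructed: its "key" column stands in for a cache key derived from a
// request path, i.e. text an anonymous visitor can influence.
$rows = array(
  array('cache_page', 'page:/node?q=<script>alert(1)</script>', 12),
);

/**
 * Vulnerable form: request-derived strings are embedded in HTML verbatim,
 * so the markup in the key column executes in the administrator's browser.
 */
function example_render_stats_unsafe($rows) {
  $output = '<table>';
  foreach ($rows as $row) {
    $output .= '<tr><td>' . implode('</td><td>', $row) . '</td></tr>';
  }
  return $output . '</table>';
}

/**
 * Hardened form: every untrusted cell is escaped with check_plain() before
 * it reaches theme('table'). theme_table() treats cell contents as already
 * safe markup, so the escaping has to happen at this point.
 */
function example_render_stats($rows) {
  $header = array(t('Bin'), t('Key'), t('Hits'));
  $safe_rows = array();
  foreach ($rows as $row) {
    $safe_rows[] = array_map('check_plain', $row);
  }
  return theme('table', $header, $safe_rows);
}
```

The escaping belongs at the output boundary rather than at storage time: the cache key itself must stay byte-exact for lookups to work, so the only safe place to neutralise it is where it is turned into HTML.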

CVE identifier(s) issued

  • CVE-2010-5276 for the user role issue
  • CVE-2010-5275 for the XSS issue

Versions affected

  • Memcache for Drupal 6.x versions prior to 6.x-1.6
  • Memcache for Drupal 5.x versions prior to 5.x-1.10

Drupal core is not affected. If you do not use the contributed Memcache backend there is nothing you need to do.

Solution

Install the latest version:

See also the Memcache project page.

Reported by

Fixed by

Contact

The Drupal security team can be reached at security at drupal.org or via the form at http://drupal.org/contact.