January 2007
Monthly Archive
TITLE:
Drupal Textimage Module Security Bypass
SECUNIA ADVISORY ID:
SA23985
VERIFY ADVISORY:
http://secunia.com/advisories/23985/
CRITICAL:
Not critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
Drupal Textimage Module 4.x
http://secunia.com/product/13395/
Drupal Textimage Module 5.x
http://secunia.com/product/13396/
DESCRIPTION:
A weakness has been reported in the Textimage module for Drupal, which
can be exploited by malicious people to bypass certain security
restrictions.
The weakness is caused by an unspecified error within the validation
of responses. This can be exploited to bypass the captcha protection by
manipulating certain request variables while posting.
The weakness is reported in Textimage 4.7.x versions prior to 4.7-1.2
and Textimage 5.x versions prior to 5.x-1.1.
SOLUTION:
Update to a fixed version.
Textimage 4.7.x-1.2:
http://drupal.org/node/114517
Textimage 5.x-1.1:
http://drupal.org/node/114518
PROVIDED AND/OR DISCOVERED BY:
The vendor credits Thomas Nilsson.
ORIGINAL ADVISORY:
http://drupal.org/node/114519
Wednesday 31 Jan 2007 | Guardian | Drupal
TITLE:
Drupal Captcha Module Security Bypass
SECUNIA ADVISORY ID:
SA23983
VERIFY ADVISORY:
http://secunia.com/advisories/23983/
CRITICAL:
Not critical
IMPACT:
Security Bypass
WHERE:
From remote
SOFTWARE:
Drupal Captcha Module 4.x
http://secunia.com/product/13392/
Drupal Captcha Module 5.x
http://secunia.com/product/13391/
DESCRIPTION:
A weakness has been reported in the Captcha module for Drupal, which can
be exploited by malicious people to bypass certain security
restrictions.
The weakness is caused by an error within the validation of certain
malformed responses. This can be exploited to bypass the captcha check
by sending a specially crafted response.
The weakness is reported in Captcha 4.7.x versions prior to 4.7-1.2 and
Captcha 5.x versions prior to 5.x-1.1.
SOLUTION:
Update to a fixed version.
Captcha 4.7.x-1.2:
http://drupal.org/node/114367
Captcha 5.x-1.1:
http://drupal.org/node/114366
PROVIDED AND/OR DISCOVERED BY:
Independently reported by the Drupal Security Team and William Smith.
ORIGINAL ADVISORY:
http://drupal.org/node/114364
Wednesday 31 Jan 2007 | Guardian | Drupal