SA-CONTRIB-2010-093 - Advanced Taxonomy Blocks - Multiple Vulnerabilities - Security-news

15 Sep 2010


      * Advisory ID: DRUPAL-SA-CONTRIB-2010-093
  * Project: Advanced Taxonomy Blocks (third-party module)
  * Version: 6.x
  * Date: 2010-September-15
  * Security risk: Moderately critical
  * Exploitable from: Remote
  * Vulnerability: Cross Site Scripting, Cross Site Request Forgery
-------- DESCRIPTION  
---------------------------------------------------------
Advanced Taxonomy Blocks makes use of the JQuery menu module to create
extremely customizable blocks for browsing through single hierarchy
taxonomies. The module contained Cross Site Scripting vulnerabilities which
could allow a malicious user with one of several non-default permissions to
inject arbitrary javascript into the administrative pages provided by this
module. The module also contained Cross Site Request Forgery vulnerabilities
which could allow an attacker to trick an administrator into unintentionally
deleting or resetting blocks provided by this module.
-------- VERSIONS AFFECTED  
---------------------------------------------------
* Advanced Taxonomy Blocks module for Drupal 6.x versions prior to 6.x-3.4
Drupal core is not affected. If you do not use the contributed Advanced
Taxonomy Blocks [1] module, there is nothing you need to do.
-------- SOLUTION  
------------------------------------------------------------
Install the latest version:
  * If you use the Advanced Taxonomy Blocks module for Drupal 6.x upgrade to
    Advanced Taxonomy Blocks 6.x-3.4 [2]
See also the Advanced Taxonomy Blocks [3].
-------- REPORTED BY  
---------------------------------------------------------
* mr.baileys
    , of the Drupal Security Team.
-------- FIXED BY  
------------------------------------------------------------
* Aaron Hawkins
    , the module maintainer.
-------- CONTACT  
-------------------------------------------------------------
The Drupal security team [4] can be reached at security at drupal.org or via
the form at http://drupal.org/contact.
[1] http://drupal.org/project/taxonomyblocks
[2] http://drupal.org/node/912584
[3] http://drupal.org/project/taxonomyblocks
[4] http://drupal.org/security-team