[Security-news] SA-CONTRIB-2011-031 - SunMailer - Access bypass

security-news at drupal.org security-news at drupal.org
Wed Jul 20 20:16:53 UTC 2011


  * Advisory ID: SA-CONTRIB-2011-31
  * Project: SunMailer Newsletter [1] (third-party module)
  * Version: 6.x
  * Date: 2011-July-20
  * Security risk: Less critical [2]
  * Exploitable from: Remote
  * Vulnerability: Access bypass

-------- DESCRIPTION ---------------------------------------------------------

SunMailer Newsletter creates an email newsletter that users can subscribe to.
The module includes a page where authenticated users can view and/or edit
their newsletter subscription. Access to this page was accidentally granted
to anonymous users, creating an access bypass that disclosed all users'
newsletter subscriptions to anonymous users and also allowed anonymous users
to tamper with those subscriptions.

This vulnerability is mitigated by the fact that it does not disclose the
email address of the subscriber. The exploit is also accessible only by
directly accessing the URL leading to the user's subscription page; no link
to the vulnerable page is shown in the user interface.
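The following PHP is an added illustration of the class of mistake the advisory describes; it is not SunMailer's code and nothing about the module's real paths, callbacks or permission names is known from the advisory. It shows a Drupal 6 hook_menu() entry for a per-user subscription page whose access rule is satisfied by anonymous users (because 'access content' is granted to the anonymous role by default), next to the same entry guarded by a dedicated access callback that only admits the subscription's owner or an administrator. The module name example_newsletter and all identifiers in it are made up.

```php
<?php
// Added example, not SunMailer's code. Module name, path, form and
// permission name are invented for illustration (Drupal 6 API).

/**
 * Implements hook_perm(): declares the administrative permission used below.
 */
function example_newsletter_perm() {
  return array('administer newsletter subscriptions');
}

/**
 * WEAK menu definition (named _weak so Drupal does not invoke it as a hook).
 * 'access content' is granted to anonymous users on a default install, so
 * anyone who types user/<uid>/newsletter into the address bar can view and
 * submit another user's subscription form, even with no link to the page.
 */
function example_newsletter_menu_weak() {
  $items['user/%user/newsletter'] = array(
    'title' => 'Newsletter subscription',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('example_newsletter_form', 1),
    'access callback' => 'user_access',
    'access arguments' => array('access content'),
    'type' => MENU_LOCAL_TASK,
  );
  return $items;
}

/**
 * HARDENED: Implements hook_menu(). The loaded account (%user, argument 1)
 * is passed to an access callback that checks ownership.
 */
function example_newsletter_menu() {
  $items['user/%user/newsletter'] = array(
    'title' => 'Newsletter subscription',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('example_newsletter_form', 1),
    'access callback' => 'example_newsletter_access',
    'access arguments' => array(1),
    'type' => MENU_LOCAL_TASK,
  );
  return $items;
}

/**
 * Access callback: only a logged-in user viewing their own subscription,
 * or a user holding the administrative permission, may see the page.
 */
function example_newsletter_access($account) {
  global $user;
  // Refuse anonymous viewers (uid 0) outright, and refuse a failed %user load.
  if (empty($user->uid) || !is_object($account) || empty($account->uid)) {
    return FALSE;
  }
  return $user->uid == $account->uid
    || user_access('administer newsletter subscriptions');
}

/**
 * Minimal subscription form so the menu entries above are complete.
 */
function example_newsletter_form(&$form_state, $account) {
  $form['uid'] = array('#type' => 'value', '#value' => $account->uid);
  $form['subscribed'] = array(
    '#type' => 'checkbox',
    '#title' => t('Receive the newsletter'),
    '#default_value' => (bool) variable_get('example_newsletter_' . $account->uid, 0),
  );
  $form['submit'] = array('#type' => 'submit', '#value' => t('Save'));
  return $form;
}

function example_newsletter_form_submit($form, &$form_state) {
  // Persist the choice; the access callback already established that the
  // submitter owns this uid or is an administrator.
  variable_set('example_newsletter_' . $form_state['values']['uid'],
    (int) $form_state['values']['subscribed']);
  drupal_set_message(t('Your subscription has been saved.'));
}
```

The important design point is the second menu entry: access is decided per account, not by a site-wide permission, and the callback rejects uid 0 explicitly so that an anonymous visitor can never match an anonymous `$account`. After changing access callbacks in a Drupal 6 module the menu router must be rebuilt (for example by clearing caches) or the old rule stays in effect.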

-------- VERSIONS AFFECTED ---------------------------------------------------

  * 6.x-1.6 or prior versions

Drupal core is not affected. If you do not use the contributed SunMailer
Newsletter [3] module, there is nothing you need to do.

-------- SOLUTION ------------------------------------------------------------

Install the latest version:

  * If you use the SunMailer Newsletter module for Drupal 6.x, upgrade to
    version 6.x-1.7 [4]

See also the SunMailer Newsletter [5] project page.

-------- REPORTED BY ---------------------------------------------------------

  * Mike Wacker [6], the module maintainer

-------- FIXED BY ------------------------------------------------------------

  * Mike Wacker [7], the module maintainer

-------- CONTACT AND MORE INFORMATION ----------------------------------------

The Drupal security team can be reached at security at drupal.org or via the
contact form at http://drupal.org/contact [8].

Learn more about the Drupal Security team and their policies [9], writing
secure code for Drupal [10], and securing your site [11].


[1] http://drupal.org/project/sunmailer
[2] http://drupal.org/security-team/risk-levels
[3] http://drupal.org/project/sunmailer
[4] http://drupal.org/node/1199658
[5] http://drupal.org/project/sunmailer
[6] http://drupal.org/user/79520
[7] http://drupal.org/user/79520
[8] http://drupal.org/contact
[9] http://drupal.org/security-team
[10] http://drupal.org/writing-secure-code
[11] http://drupal.org/security/secure-configuration
