[Security-news] Printer, email and PDF versions - Highly critical - Remote Code Execution - SA-CONTRIB-2018-063
security-news at drupal.org
security-news at drupal.org
Wed Oct 3 18:34:54 UTC 2018
View online: https://www.drupal.org/sa-contrib-2018-063
Project: Printer, email and PDF versions [1]
Version: 7.x-2.x-dev
Date: 2018-October-03
Security risk: *Highly critical* 20∕25
AC:None/A:None/CI:All/II:All/E:Theoretical/TD:Uncommon [2]
Vulnerability: Remote Code Execution
Description:
This module provides printer-friendly versions of content, including send by
e-mail and PDF versions.
The module doesn't sufficiently sanitize the arguments passed to the
wkhtmltopdf executable, allowing a remote attacker to execute arbitrary shell
commands. It also doesn't sufficiently sanitize the HTML content passed to
dompdf, allowing a privileged attacker to execute arbitrary PHP code.
This vulnerability is mitigated by the fact that the site must have either
the wkhtmltopdf or dompdf sub-modules enabled and selected as the PDF
generation tool. In the case of the dompdf vulnerability, the attacker must
be able to write content to the site.
Solution:
Install the latest version:
* If you use the print module for Drupal 7.x, upgrade to print 7.x-2.1 [3]
In alternative, disable PDF generation, or replace the PDF generation library
with another of the supported versions.
Also see the Printer, email and PDF versions [4] project page.
Reported By:
* yoloClin [5]
Fixed By:
* Lee Rowlands [6] of the Drupal Security Team
* João Ventura [7]
* yoloClin [8]
Coordinated By:
* Lee Rowlands [9] of the Drupal Security Team
* Michael Hess [10] of the Drupal Security Team
[1] https://www.drupal.org/project/print
[2] https://www.drupal.org/security-team/risk-levels
[3] https://www.drupal.org/project/print/releases/7.x-2.1
[4] https://www.drupal.org/project/print
[5] https://www.drupal.org/user/3585171
[6] https://www.drupal.org/user/395439
[7] https://www.drupal.org/user/122464
[8] https://www.drupal.org/user/3585171
[9] https://www.drupal.org/user/395439
[10] https://www.drupal.org/u/mlhess
More information about the Security-news
mailing list