Launchpad.net

CVE 2008-6532

Multiple cross-site request forgery (CSRF) vulnerabilities in the update feature in Drupal 5.x before 5.13 and 6.x before 6.7 allow remote attackers to perform unauthorized actions as the superuser via unspecified vectors, as demonstrated by causing the superuser to "execute old updates" that modify the database.

Related bugs and status

CVE-2008-6532 (Candidate) is related to these bugs:

Bug #352644: generally unsecure drupal5 packages

Summary				In	Importance	Status
	352644	generally unsecure drupal5 packages		drupal5 (Ubuntu)	Undecided	Invalid

Bug #431080: Fix critical security issues in drupal packages

		In	Importance	Status
431080	Fix critical security issues in drupal packages	drupal5 (Ubuntu)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal5 (Ubuntu Hardy)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal5 (Ubuntu Intrepid)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal5 (Ubuntu Jaunty)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal5 (Ubuntu Karmic)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal5 (Debian)	Unknown	Fix Released
431080	Fix critical security issues in drupal packages	drupal6 (Ubuntu)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal6 (Ubuntu Hardy)	Undecided	Invalid
431080	Fix critical security issues in drupal packages	drupal6 (Ubuntu Intrepid)	Undecided	Invalid
431080	Fix critical security issues in drupal packages	drupal6 (Ubuntu Jaunty)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal6 (Ubuntu Karmic)	Undecided	Fix Released
431080	Fix critical security issues in drupal packages	drupal6 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

References

CONFIRM: http://drupal.org/node...
OSVDB: 50661
SECUNIA: 33112
VUPEN: ADV-2008-3414
FEDORA: FEDORA-2008-11196
FEDORA: FEDORA-2008-11213
SECUNIA: 33147
XF: drupal-unspecified-sup...