• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

Drupal Arbitrary PHP Code Execution Vulnerability

Solution:
The vendor has addressed this issue in Drupal 4.6.2 and 4.5.4.

Debian Linux has relased security advisory DSA 745-1 addressing this issue for drupal. Please see the referenced advisory for details on obtaining and applying the appropriate updates.


Drupal Drupal 4.5

• Drupal drupal-4.5.5.tar.gz
  http://drupal.org/files/projects/drupal-4.5.5.tar.gz

Drupal Drupal 4.5.1

• Drupal drupal-4.5.5.tar.gz
  http://drupal.org/files/projects/drupal-4.5.5.tar.gz

Drupal Drupal 4.5.2

• Drupal drupal-4.5.5.tar.gz
  http://drupal.org/files/projects/drupal-4.5.5.tar.gz

Drupal Drupal 4.5.2

• Drupal drupal-4.5.5.tar.gz
  http://drupal.org/files/projects/drupal-4.5.5.tar.gz

Drupal Drupal 4.5.3

• Debian drupal_4.5.3-3_all.deb
  Debian 3.1 (sarge)
  http://security.debian.org/pool/updates/main/d/drupal/drupal_4.5.3-3_a ll.deb


• Drupal drupal-4.5.5.tar.gz
  http://drupal.org/files/projects/drupal-4.5.5.tar.gz

Drupal Drupal 4.6

• Drupal drupal-4.6.2.tar.gz
  http://drupal.org/files/projects/drupal-4.6.2.tar.gz

Drupal Drupal 4.6.1

• Drupal drupal-4.6.2.tar.gz
  http://drupal.org/files/projects/drupal-4.6.2.tar.gz