• info
• discussion
• exploit
• solution
• references

Drupal View User Profile Authorization Bypass Vulnerability

Solution:

Debian Linux has released security advisory DSA 958-1 addressing this and other issues. Please see the referenced advisory for further information.

The vendor has released an update addressing this issue:


Drupal Drupal 4.6

• Drupal drupal-4.6.4.tar.gz
  http://drupal.org/files/projects/drupal-4.6.4.tar.gz

Drupal Drupal 4.6.1

• Drupal drupal-4.6.4.tar.gz
  http://drupal.org/files/projects/drupal-4.6.4.tar.gz

Drupal Drupal 4.6.2

• Drupal drupal-4.6.4.tar.gz
  http://drupal.org/files/projects/drupal-4.6.4.tar.gz

Drupal Drupal 4.6.3

• Drupal drupal-4.6.4.tar.gz
  http://drupal.org/files/projects/drupal-4.6.4.tar.gz