The Drupal development team yesterday released important security updates for its widely used open-source content management software that address one critical and three “moderately critical” vulnerabilities in its core system.
Symlinks Vulnerability in Drupal
The only advisory with critical severity includes patches for multiple vulnerabilities in a third-party library, called ‘Archive_Tar,’ that Drupal Core uses for creating, listing, extracting, and adding files to tar archives.
The vulnerability resides in the way the affected library untars archives containing symlinks, which, if exploited, could allow an attacker to overwrite sensitive files on a targeted server by uploading a maliciously crafted tar file.
Drupal developers have also patched three “moderately critical” vulnerabilities in its Core software, which are as follows:
- Denial of Service (DoS): The install.php file used by Drupal 8 Core contains a flaw that can be exploited by a remote, unauthenticated attacker to impair the availability of a targeted website.
- Security Restriction Bypass: The file upload function in Drupal 8 does not strip leading and trailing dots (‘.’) from filenames, which can be used by an attacker with file upload ability to overwrite arbitrary system files, such as .htaccess, to bypass security protections.
- Unauthorized Access: This vulnerability exists in Drupal’s default Media Library module when it doesn’t correctly restrict access to media items in certain configurations. Thus, it could allow a low-privileged user to gain unauthorized access to sensitive information that is otherwise out of their reach.
Since a proof-of-concept exists for the critical Drupal vulnerability, users running vulnerable versions of Drupal are highly recommended to update their CMS to the latest Drupal core release as soon as possible.