Drupal Faster Permissions Module Access Security Bypass Vulnerability

Bugtraq ID:	52039
Class:	Access Validation Error
CVE:	CVE-2012-1643
Remote:	Yes
Local:	No
Published:	Feb 15 2012 12:00AM
Updated:	Aug 29 2012 12:00AM
Credit:	Sascha Grossenbacher
Vulnerable:	Drupal Faster Permissions 7.x-1.1
Not Vulnerable:	Drupal Faster Permissions 7.x-1.2

Drupal Faster Permissions Module Access Security Bypass Vulnerability

The Faster Permissions module for Drupal is prone to a security-bypass vulnerability that may allow attackers to perform actions without proper authorization.

An attacker can exploit this issue to bypass certain security restrictions and perform unauthorized actions such as configuring module permissions; this may aid in launching further attacks.

Faster Permissions 7.x-1.x versions prior to 7.x-1.2 are vulnerable.

Drupal Faster Permissions Module Access Security Bypass Vulnerability

Attackers can exploit this issue through a browser.

Drupal Faster Permissions Module Access Security Bypass Vulnerability

Solution:
Updates are available; please see the references for more information.

Drupal Faster Permissions Module Access Security Bypass Vulnerability

References:

• Drupal Homepage (Drupal)
  
• Faster Permissions Homepage (Drupal)
  
• SA-CONTRIB-2012-020 - Faster Permissions - Access bypass (Drupal)