Shulou(Shulou.com)06/01 Report--

Today, I will talk to you about how to analyze Drupal core remote code execution vulnerabilities, which may not be well understood by many people. In order to make you understand better, the editor has summarized the following contents for you. I hope you can get something according to this article.

Overview of 0x01 vulnerabilities Drupal is an open source content management system that uses the PHP language and is widely used in the industry.

On March 28, 2018, Drupal officially released new patches and security bulletins. There is a remote code execution vulnerability (CVE-2018-7600) in more than 8 sub-versions of Drupal 6 and 7.

360CERT through the patch analysis and judgment, combined with the Drupal official judgment

The risk level is higher

The scope of influence is wide.

Although details of the vulnerability have not yet been made public, users using the Drupal open source content management system are still recommended to update.

0x02 vulnerability impact surface impact version

Drupal 6.x,7.x,8.x

Repair version

Drupal 7.58,Drupal 8.5.1

Update recommended for 0x03 fixes

The main supported version is recommended to update to the latest subversion of Drupal.

Version 7.x, updated to 7.58

Https://www.drupal.org/project/drupal/releases/7.58

Version 8.5.x, updated to 8.5.1

Https://www.drupal.org/project/drupal/releases/8.5.1

Version 8.4.x, updated to 8.4.6

Https://www.drupal.org/project/drupal/releases/8.4.6

Version 8.3.x, updated to 8.3.9

Https://www.drupal.org/project/drupal/releases/8.3.9

Update with patch

If you cannot update immediately, please use the corresponding patch

8.5.x patch 8.4.x Magi 8.3.x address:

Https://cgit.drupalcode.org/drupal/rawdiff/?h=8.5.x&id=5ac8738fa69df34a0635f0907d661b509ff9a28f

7.x patch address:

Https://cgit.drupalcode.org/drupal/rawdiff/?h=7.x&id=2266d2a83db50e2f97682d9a0fb8a18e2722cba5

Other unsupported versions

Drupal 8.0Cash 8.1 Drupal 8.2 is no longer maintained completely. If you are using these versions, please update to 8.3.9 or 8.4.6 as soon as possible.

Drupal 6 is also affected by the vulnerability, and this version is maintained by Drupal 6 Long Term Support.

After reading the above, do you have any further understanding of how to analyze remote code execution vulnerabilities in the Drupal core? If you want to know more knowledge or related content, please follow the industry information channel, thank you for your support.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.