=====================================================================
                                    CERT-Renater

                         Information Note No. 2008/VULN007
_____________________________________________________________________

DATE                      : 15/01/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Meta tags/Nodewords for Drupal.

======================================================================
http://drupal.org/node/209759
______________________________________________________________________

- ------------SA-2008-008 - META TAGS - ARBITRARY CODE EXECUTION------------

   * Advisory ID: DRUPAL-SA-2008-008

   * Project: Meta tags / Nodewords (third-party module)

   * Version: 5.x-1.6

   * Date: 2007-January-14

   * Security risk: Highly critical

   * Exploitable from: Remote

   * Vulnerability: Arbitrary code execution

- ------------DESCRIPTION------------

The Meta tags module, also known as Nodewords, adds HTML META tags to
node, panel and view pages. If the site is configured to allow images in
the body of any node type, any user that can create this node type is
able to execute arbitrary code on the server.

- ------------VERSIONS AFFECTED------------

   * Meta tags for Drupal 5.x, version Metatags 5.x-1.6

Drupal core is not affected. If you do not use the contributed Meta tags
module, there is nothing you need to do.

- ------------SOLUTION------------

Install the latest version:

   * If you use Drupal 5.x, upgrade to Meta tags 5.x-1.7
     [ http://drupal.org/node/208827 ].

See also the Meta tags project page [ http://drupal.org/project/nodewords ].

- ------------REPORTED BY------------

Robrecht Jacques [ http://drupal.org/user/22598 ], the Meta tags maintainer.

- ------------CONTACT------------

The security contact for Drupal can be reached at security at drupal.org
or via the form at [ http://drupal.org/contact ].

======================================================================

           =========================================================
           CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================





