=====================================================================
CERT-Renater Information Note No. 2008/VULN367
_____________________________________________________________________

DATE                  : 19/09/2008
HARDWARE PLATFORM(S)  : /
OPERATING SYSTEM(S)   : Systems running Link To Us for DRUPAL.

======================================================================

http://drupal.org/node/309861
______________________________________________________________________

SA-2008-052 - Link To Us - Cross site scripting

Heine - September 17, 2008 - 19:13

  * Advisory ID: DRUPAL-SA-2008-052
  * Project: Link To Us (third-party module)
  * Versions: 5.x
  * Date: 2008-September-17
  * Security risk: Critical
  * Exploitable from: Remote
  * Vulnerability: Cross site scripting

Description

The Link To Us module creates a page to display uploaded banners that can be used by others to link to your Drupal site. The module creates well-formed SEO links whose title, alt and anchor text are taken from the node title, taxonomy term or other pages that are directed to the module.

Unfortunately, the module does not properly escape this text, which allows malicious users who are able to post content to insert arbitrary HTML and scripts into the page.

Wikipedia has more information about such cross site scripting (XSS) attacks.

Versions Affected

  * Versions of Link To Us for Drupal 5.x prior to 5.x-1.1

Note: the 6.x development version is also vulnerable to this issue. A fix for the issue will appear within 12 hours in the next 6.x development snapshot. Development snapshots are not supported.

Drupal core is not affected. If you do not use the Link To Us module, there is nothing you need to do.

Solution

Install the latest version.

  * If you use Link To Us for Drupal 5.x, upgrade to Link To Us 5.x-1.1

Also see the Link To Us project page.
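As an added illustration of the escaping defect described above (example code written for this note, not the Link To Us module's own source), the script below builds the banner link from a node title first without and then with escaping. check_plain() is Drupal's escaping function; a local fallback with the same htmlspecialchars() behaviour is defined so the script runs outside Drupal, and the node object, URL and banner path are constructed values.

```php
<?php
// Added example, not code from the Link To Us module. Outside Drupal,
// check_plain() is not defined, so a fallback with the same behaviour
// (escape HTML special characters, including quotes) is supplied.
if (!function_exists('check_plain')) {
  function check_plain($text) {
    return htmlspecialchars($text, ENT_QUOTES, 'UTF-8');
  }
}

// Vulnerable pattern: the node title is dropped straight into the
// title attribute, the alt attribute and the anchor text. Any markup
// or quote character in the title becomes part of the page's HTML.
function link_to_us_banner_vulnerable($node, $url, $banner) {
  return '<a href="' . $url . '" title="' . $node->title . '">'
       . '<img src="' . $banner . '" alt="' . $node->title . '" />'
       . $node->title . '</a>';
}

// Hardened pattern: every value that originates from user-supplied
// content is passed through check_plain() before it is placed in
// markup, so it is rendered as literal text rather than HTML.
function link_to_us_banner_fixed($node, $url, $banner) {
  $title = check_plain($node->title);
  return '<a href="' . check_plain($url) . '" title="' . $title . '">'
       . '<img src="' . check_plain($banner) . '" alt="' . $title . '" />'
       . $title . '</a>';
}

// Constructed node: a title containing a quote and a script element,
// as a user with permission to post content could submit.
$node = new stdClass();
$node->title = 'Example site"><script>alert(1)</script>';
$url = 'http://example.com/';
$banner = 'http://example.com/files/banner.png';

echo "Vulnerable output:\n";
echo link_to_us_banner_vulnerable($node, $url, $banner), "\n\n";
echo "Fixed output:\n";
echo link_to_us_banner_fixed($node, $url, $banner), "\n";
```

In the vulnerable output the title closes the attribute early and the script element is emitted as live markup; in the fixed output the same characters appear as entities and the browser shows them as text.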
Reported by

  * Justin Klein Keane

Contact

The security contact for Drupal can be reached at security at drupal.org or via the form at http://drupal.org/contact and by selecting the security issues category.

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER          | tel  : 01-53-94-20-44      +
+ 151 bd de l'Hopital   | fax  : 01-53-94-20-41      +
+ 75013 Paris           | email: certsvp@renater.fr  +
=========================================================