CVE-2005-3974 Information

Description

Drupal 4.5.0 through 4.5.5 and 4.6.0 through 4.6.3 when running on PHP5 does not correctly enforce user privileges which allows remote attackers to bypass the \access user profiles\ permission.

Reference

http://drupal.org/files/sa-2005-009/4.6.3.patch http://drupal.org/files/sa-2005-009/advisory.txt http://secunia.com/advisories/17824 http://secunia.com/advisories/18630 http://www.debian.org/security/2006/dsa-958 http://www.securityfocus.com/archive/1/418336/100/0/threaded http://www.securityfocus.com/bid/15674 http://www.vupen.com/english/advisories/2005/2684