oss-sec mailing list archives

Re: CVE request: typo3 remote command execution

From: Josh Bressers <bressers () redhat com>
Date: Mon, 12 Apr 2010 14:25:00 -0400 (EDT)

Please use CVE-2010-1153

Thanks.

-- 
    JB


----- "Hanno Böck" <hanno () hboeck de> wrote:

http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-008/

 The TYPO3 autoloader does not validate passed arguments.

You are not vulnerable if at least one of following conditions is
met:

   1. You are using any other TYPO3 version than 4.3.0, 4.3.1 or 4.3.2
(+ 
development releases of 4.4 branch).
   2. You have at least one of following PHP configuration variables
set to 
"off": register_globals ("off" by default, advised to be "off" in
TYPO3 
Security Cookbook), allow_url_include ("off" by default) and
allow_url_fopen 
("on" by default)
   3. You are using Suhosin and haven't put URL schemes in
configuration 
variable "suhosin.executor.include.whitelist".

Possible Impact: A crafted request to a vulnerable TYPO3 installation
will 
allow an attacker to load PHP code from an external server and to
execute it 
on the TYPO3 installation. 
-- 
Hanno Böck            Blog:           http://www.hboeck.de/
GPG: 3DBD3B20         Jabber/Mail:    hanno () hboeck de

http://schokokeks.org - professional webhosting

Current thread:

CVE request: typo3 remote command execution Hanno Böck (Apr 10)
- Re: CVE request: typo3 remote command execution Josh Bressers (Apr 12)