oss-sec mailing list archives
Re: CVE request: Typo3
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 22 Aug 2012 12:12:49 -0600
On 08/21/2012 03:28 PM, Moritz Muehlenhoff wrote:
Hi,
please assign CVE IDs for the latest Typo3 security issues:
http://typo3.org/support/teams-security-security-bulletins/security-bulletins-single-view/article/several-vulnerabilities-in-typo3-core/

1. Vulnerable subcomponent: TYPO3 Backend Help System
Vulnerability Type: Insecure Unserialize leading to a possible Arbitrary Code Execution
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:C/A:N/E:P/RL:O/RC:C
Problem Description: Due to a missing signature (HMAC) for a parameter in the view_help.php file, an attacker could unserialize arbitrary objects within TYPO3. We are aware of a working exploit, which can lead to arbitrary code execution. A valid backend user login or multiple successful cross site request forgery attacks are required to exploit this vulnerability.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Felix Wilhelm who discovered and reported the issue.

Please use CVE-2012-3527 for TYPO3-CORE-SA-2012-004: TYPO3 Backend Help System Code Exec

2. Vulnerable subcomponent: TYPO3 Backend
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:F/RL:O/RC:C
Problem Description: Failing to properly HTML-encode user input in several places, the TYPO3 backend is susceptible to Cross-Site Scripting. A valid backend user is required to exploit these vulnerabilities.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Pavel Vaysband, Security Team Member Markus Bucher, Core Team Member Susanne Moog, Jan Bednarik, who discovered and reported the issues.

Please use CVE-2012-3528 for TYPO3-CORE-SA-2012-004: TYPO3 Backend XSS

3. Vulnerable subcomponent: TYPO3 Backend
Vulnerability Type: Information Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:O/RC:C
Problem Description: Accessing the configuration module discloses the Encryption Key. A valid backend user with access to the configuration module is required to exploit this vulnerability.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Mario Rimann who discovered and reported the issue.

Please use CVE-2012-3529 for TYPO3-CORE-SA-2012-004: TYPO3 Backend Information Disclosure

4. Vulnerable subcomponent: TYPO3 HTML Sanitizing API
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:O/RC:C
Problem Description: By not removing several HTML5 JavaScript events, the API method t3lib_div::RemoveXSS() fails to filter specially crafted HTML injections, thus is susceptible to Cross-Site Scripting. Failing to properly encode for JavaScript the API method t3lib_div::quoteJSvalue(), it is susceptible to Cross-Site Scripting.
Note: Developers should never rely on the blacklist of RemoveXSS() alone, but should always properly encode user input before outputting it again.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Andreas Schnapp and Christian Nösterer who discovered and reported the issues.

Please use CVE-2012-3530 for TYPO3-CORE-SA-2012-004: TYPO3 HTML Sanitizing API XSS

5. Vulnerable subcomponent: TYPO3 Install Tool
Vulnerability Type: Cross-Site Scripting
Severity: Low
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:F/RL:O/RC:C
Problem Description: Failing to properly sanitize user input, the Install Tool is susceptible to Cross-Site Scripting.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Security Team Member Georg Ringer who discovered and reported the issue.

Please use CVE-2012-3531 for TYPO3-CORE-SA-2012-004: TYPO3 Install Tool XSS
Cheers, Moritz
--
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
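
The first issue in the message above comes from unserializing a request parameter that carries no HMAC. As an added example (not part of the original e-mail, and not TYPO3's code or its actual patch), the following shows a parameter being authenticated before `unserialize()` is ever called. The function names, the key constant and the sample inputs are constructed for illustration; PHP 7.1 or later is assumed.

```php
<?php
declare(strict_types=1);

// Added illustration only: not TYPO3 code. All names here are hypothetical.
const DEMO_KEY = 'constructed-demo-key-not-a-real-secret';

/** Serialize server-side state and append an HMAC-SHA256 tag over the exact bytes sent. */
function signParam(array $state, string $key): string
{
    $payload = base64_encode(serialize($state));
    return $payload . ':' . hash_hmac('sha256', $payload, $key);
}

/** Return the decoded array, or null if the tag is missing or wrong. */
function openParam(string $param, string $key): ?array
{
    // Neither base64 nor the hex tag contains ':', so exactly two parts are expected.
    $parts = explode(':', $param);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $tag] = $parts;
    // Constant-time comparison, done before any parsing of the payload.
    if (!hash_equals(hash_hmac('sha256', $payload, $key), $tag)) {
        return null;
    }
    $raw = base64_decode($payload, true);
    if ($raw === false) {
        return null;
    }
    // Defence in depth: never instantiate classes, even for authenticated input.
    $value = unserialize($raw, ['allowed_classes' => false]);
    return is_array($value) ? $value : null;
}

// Constructed input: a parameter produced by the server itself.
$good = signParam(['table' => 'pages', 'field' => 'title'], DEMO_KEY);

// Constructed input: a client-supplied serialized object with a made-up tag.
// It fails the HMAC check, so unserialize() is never reached.
$forged = base64_encode('O:8:"stdClass":0:{}') . ':' . str_repeat('0', 64);

var_dump(openParam($good, DEMO_KEY));
var_dump(openParam($forged, DEMO_KEY));
```

The check is only as strong as the secrecy of the signing key: anyone who can read the key can produce valid tags for arbitrary payloads.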