oss-sec mailing list archives
Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 19 Jun 2013 01:16:50 -0600
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On 06/16/2013 05:46 AM, TYPO3 Security Team wrote:
Dear Kurt Seifried, Thank you for your request. I'm a bit embarrassed about our response time :( Very sorry for that. Things will vastly improve in the near future! 12/10/2012 22:40 - Kurt Seifried wrote:Can the Typo3 security team please confirm the following:Component Type: TYPO3 Core Affected Versions: 4.5.0 up to 4.5.20, 4.6.0 up to 4.6.13, 4.7.0 upto 4.7.5 and development releases of the 6.0 branch.Vulnerability Types: SQL Injection, Cross-Site Scripting,Information Disclosure so no CVE's needed for this, this is simply a summary of the below issues?True!Vulnerable subcomponent: TYPO3 Backend History Module Vulnerability Type: SQL Injection, Cross-Site Scripting Solution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6 thatfix the problem described!Credits: Credits go to Thomas Worm who discovered and reported theissue. Did he discover both the SQL Injection and the Cross-Site Scripting issues?No, he only discovered the XSS. We discovered the SQLi while fixing the XSS.Can you provide a link to the specific code fixes?Here it is. https://review.typo3.org/16304so 2 cve's needed correct?Yes.Vulnerable subcomponent: TYPO3 Backend History Module Vulnerability Type: Information DisclosureSolution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6 that fix the problem described!Credits: Credits go to Core Team Member Oliver Hader who discoveredand fixed the issue. so one cve needed here? Can you provide a link to the specific code fixes?Yes. It's also fixed in the same change: https://review.typo3.org/16304Vulnerable subcomponent: TYPO3 Backend API Vulnerability Type: Cross-Site Scripting Solution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6 thatfix the problem described!Credits: Credits go to Johannes Feustel who discovered and reportedthe issue. so one cve needed here? Can you provide a link to the specific code fixes?Yes: https://review.typo3.org/16305Vulnerability Type: Cross-Site Scripting Solution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6 thatfix the problem described!Credits: Credits go to Richard Brain who discovered and reported theissue. so one cve needed here? Can you provide a link to the specific code fixes?Yes: https://review.typo3.org/16300 Regards, Helmut Hummel Member of the TYPO3 Security Team -- TYPO3 Security Team homepage: http://typo3.org/teams/security/ E-Mail: security () typo3 org Please note: When replying to this e-mail, please leave the header intact.
k so in summary then: CVE-2012-6144 TYPO3-CORE-SA-2012-005: Backend History Module SQL Injection TYPO3 internal CVE-2012-6145 TYPO3-CORE-SA-2012-005: Backend History Module Cross-Site Scripting Thomas Worm CVE-2012-6146 TYPO3-CORE-SA-2012-005: Backend History Module Information Disclosure Oliver Hader CVE-2012-6147 TYPO3-CORE-SA-2012-005: Backend API Cross-Site Scripting Johannes Feustel CVE-2012-6148 TYPO3-CORE-SA-2012-005: Backend API Cross-Site Scripting Richard Brain - -- Kurt Seifried Red Hat Security Response Team (SRT) PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.13 (GNU/Linux) iQIcBAEBAgAGBQJRwVriAAoJEBYNRVNeJnmTb5cP/Ak8xgGQDdVelQ4cvLwPuTfH +2UEnqcBZEWHKT3ib9tNDUAar0DLihASl51H/lX3PjgBB9hOwur9nAgvhyGCaP0o xbAQ7caIjpT30nMWf6icX4DAFs2t0KU4vXm5DxAWlbMaiwpCGXIRQpzaz1XiRWic 9SnsVxSoDL8O8M4ayLHdbNsdvqdoMIJeo8luikJr+9RXMJCnnKw4Nn0wPqQM4UJG 4NL4Fw1giqZQbYuBvu/Z0cshYlLj8zDFWR5r7NXkWoVWUwSVPIkLBuaeIA88wA3J mCszK56aRbmFV54Tmojqc1lzORuzN8/Pf6auoftNAL5sa8C6K7SbkesNXTUAX4J/ nup6XNKzU3UbFekqVyDoak5R/dWtA/I3FUhOuXO/HksfZLwkOv+OPyTDZ7TDHopW a7xeN8cCkD3ds7AhOzV+yAo81Ak+EBeeROoIsIJ/MYPO9jNzuB6hbO8NWrHwztOn MG3IibbUL2BSSp+yToCSoEpmZGQMqX3749DlGtbR/475AK1AQ/47aPd0Pceilxgy I5n2xRJ4v59hOUPW20V+PADYSI9Y/8LYy+aTW2tIH8xcSWAeEPTZeZRRu7NwAOPN NlrabGczpfuLFyYi/DvyF93M+o9RIjGEzyCEW+XimdzisKSIGTqFdU3JbiqKXtIf sciyPmOfkbV9J4kWMBgs =I/oC -----END PGP SIGNATURE-----
Current thread:
- Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core TYPO3 Security Team (Jun 16)
- Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vulnerabilities in TYPO3 Core Kurt Seifried (Jun 19)