oss-sec mailing list archives
CVE request: TYPO3 remote code execution by arbitrary file creation TYPO3-CORE-SA-2013-002
From: Henri Salo <henri () nerv fi>
Date: Wed, 14 Aug 2013 19:26:15 +0300
Can we assign a CVE for the remote code execution by arbitrary file creation vulnerability in TYPO3, thanks.

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/

Advisory ID: TYPO3-CORE-SA-2013-002
Vulnerable subcomponent: Backend File Upload / File Abstraction Layer
Vulnerability Type: Remote Code Execution by arbitrary file creation
Affected Versions: All versions from 6.0.0 up to the development branch of 6.2
Severity: Critical
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:O/RC:C

Problem Description: The file upload component and the File Abstraction Layer are failing to check for denied file extensions, which allows authenticated editors (even with limited permissions) to upload php files with arbitrary code, which can then be executed in the web server's context.

Solution: Update to TYPO3 version 6.0.8 or 6.1.3, which fix the problem described!

Credits: Credits go to Sebastian Nerz who discovered and reported the issue.

Please note that the XSS issue in the advisory already has a CVE. The TYPO3 team also verified that this hasn't been requested already.

---
Henri Salo
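As an added example (not code from the advisory or from the TYPO3 project): a deny-list filename check of the kind the report says the upload component and FAL skipped. The regular expression is modelled on TYPO3's historical fileDenyPattern default and is an assumption here, as is the function name isFilenameAllowed.

```php
<?php
// Added example, not TYPO3 code. Rejects filenames that a web server may hand
// to the PHP interpreter, including the edge cases a naive "ends with .php"
// test misses: other PHP extensions, mixed case, double extensions, .htaccess.
declare(strict_types=1);

// Assumption: modelled on TYPO3's historical fileDenyPattern default.
const FILE_DENY_PATTERN =
    '/\.(php[3-8]?|phpsh|phtml|pht|phar|shtml|cgi)(\..*)?$|\.pl$|^\.htaccess$/i';

function isFilenameAllowed(string $filename): bool
{
    // Check only the basename so a path component cannot hide the extension.
    $base = basename(str_replace('\\', '/', $filename));
    if ($base === '' || $base === '.' || $base === '..') {
        return false;
    }
    // A NUL byte can truncate the stored name on some filesystems, so
    // "x.php\0.jpg" might be written as "x.php"; reject it outright.
    if (strpos($base, "\0") !== false) {
        return false;
    }
    return preg_match(FILE_DENY_PATTERN, $base) !== 1;
}

// Constructed sample names with the verdict each one should receive.
$samples = [
    'photo.jpg'      => true,
    'shell.php'      => false,
    'SHELL.PHP'      => false,   // extension match must be case-insensitive
    'shell.php5'     => false,
    'shell.phtml'    => false,
    'shell.php.jpg'  => false,   // double extension; some handler configs still run it
    'archive.tar.gz' => true,
    '.htaccess'      => false,   // could remap handlers for the upload directory
    'notes.txt'      => true,
];

foreach ($samples as $name => $expected) {
    $result = isFilenameAllowed($name);
    printf("%-16s %s%s\n", $name, $result ? 'allowed' : 'denied',
        $result === $expected ? '' : '  <-- unexpected');
}
```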