Date: Thu, 29 Mar 2012 19:57:53 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: Florian Weimer <fw@...eb.enyo.de>
Subject: Re: CVE request: TYPO3-CORE-SA-2012-001

On 03/29/2012 02:44 PM, Florian Weimer wrote:
> I may have missed a previous request. If I can count properly, there
> are four different issues:

You can count properly!

> | Vulnerable subcomponent: Extbase Framework
> | Affected Versions:
> | Versions 4.4.x and 4.5.x are not affected by this vulnerability.
> | Vulnerability Type: Insecure Unserialize
> |
> | Problem Description: Due to a missing signature (HMAC) for a request
> | argument, an attacker could unserialize arbitrary objects within
> | TYPO3.
> |
> | To our knowledge it is neither possible to inject code through this
> | vulnerability, nor are there exploitable objects within the TYPO3
> | Core. However, there might be exploitable objects within third party
> | extensions.

Please use CVE-2012-1605 for this issue.

> | Vulnerable subcomponent: TYPO3 Backend
> | Vulnerability Type: Cross-Site Scripting
> |
> | Problem Description: Failing to properly HTML-encode user input in
> | several places, the TYPO3 backend is susceptible to Cross-Site
> | Scripting. A valid backend user is required to exploit these
> | vulnerabilities.

Please use CVE-2012-1606 for this issue.

> | Vulnerable subcomponent: TYPO3 Command Line Interface
> | Vulnerability Type: Information Disclosure
> |
> | Problem Description: Accessing a CLI Script directly with a browser
> | may disclose the database name used for the TYPO3 installation.

Please use CVE-2012-1607 for this issue.

> | Vulnerable subcomponent: TYPO3 HTML Sanitizing API
> | Vulnerability Type: Cross-Site Scripting
> |
> | Problem Description: By not removing non-printable characters, the API
> | method t3lib_div::RemoveXSS() fails to filter specially crafted HTML
> | injections, thus is susceptible to Cross-Site Scripting.

Please use CVE-2012-1608 for this issue.

> <http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/>

-- 
Kurt Seifried Red Hat Security Response Team (SRT)
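The Extbase item above (CVE-2012-1605) turns on one missing control: a serialized request argument was accepted by unserialize() without a signature proving the application itself had produced it. The following PHP is an added example, not TYPO3 or Extbase code, of the pattern the advisory describes as the fix: HMAC-sign the serialized argument on the way out and verify the MAC in constant time before unserialize() ever sees the bytes. The function names, the "payload.hmac" wire format and the secret are this example's own assumptions.

```php
<?php
// Added example (not TYPO3 code): HMAC-signed serialized request argument.
// Assumptions: $secret is a server-side configuration value; the argument
// layout base64(serialize($value)) . '.' . hex(HMAC-SHA256) is this
// example's own choice, not Extbase's format.
declare(strict_types=1);

function signArgument(array $value, string $secret): string
{
    $payload = base64_encode(serialize($value));
    $mac = hash_hmac('sha256', $payload, $secret);
    return $payload . '.' . $mac;
}

function verifyAndUnserialize(string $argument, string $secret): ?array
{
    $parts = explode('.', $argument, 2);
    if (count($parts) !== 2) {
        return null;
    }
    [$payload, $mac] = $parts;
    $expected = hash_hmac('sha256', $payload, $secret);
    // hash_equals() compares in constant time; a plain === would leak
    // how many leading bytes of the MAC the attacker has guessed right.
    if (!hash_equals($expected, $mac)) {
        return null;
    }
    $raw = base64_decode($payload, true);
    if ($raw === false) {
        return null;
    }
    // Only reached for data the application signed itself. allowed_classes
    // (PHP >= 7.0) is defence in depth: even a correctly signed payload can
    // never instantiate an object with __wakeup()/__destruct() side effects.
    $value = unserialize($raw, ['allowed_classes' => false]);
    return is_array($value) ? $value : null;
}

// Demonstration with constructed data.
$secret = 'constructed-example-secret-not-a-real-key';
$good = signArgument(['sorting' => 'title', 'page' => 2], $secret);
var_dump(verifyAndUnserialize($good, $secret));   // array(2) { ... }

// An attacker who replaces the payload keeps the old MAC, which no longer
// matches. O:8:"stdClass":0:{} is a harmless stand-in for an object
// injection payload.
$forged = base64_encode('O:8:"stdClass":0:{}') . '.' . explode('.', $good)[1];
var_dump(verifyAndUnserialize($forged, $secret));  // NULL
```

The signature moves the trust boundary: without it, anyone who can edit a query string decides which classes PHP instantiates and which __wakeup()/__destruct() methods run, which is exactly why the advisory warns about "exploitable objects within third party extensions" even though the core itself had none.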
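The RemoveXSS item (CVE-2012-1608) describes a different failure: a blacklist filter that looks for dangerous tokens is defeated when non-printable characters are interleaved into the token, because the browser ignores those characters while the filter does not. The following PHP is an added illustration of that failure mode and of the corresponding fix (strip ASCII control characters before matching), not t3lib_div::RemoveXSS() itself; the two function names and the single "javascript:" pattern are this example's simplification.

```php
<?php
// Added example (not TYPO3 code): why a token blacklist must normalise
// control characters before it matches. Both functions are this example's
// own stand-ins for t3lib_div::RemoveXSS(); only the "javascript:" URL
// scheme is handled, to keep the comparison readable.
declare(strict_types=1);

function naiveRemoveXss(string $html): string
{
    // Matches the literal token only. A control byte inside the token
    // makes the pattern miss while the browser still sees "javascript:".
    return preg_replace('/javascript:/i', 'blocked:', $html);
}

function hardenedRemoveXss(string $html): string
{
    // 1. Drop ASCII control characters (keeping TAB, LF and CR, which are
    //    legitimate whitespace) and DEL before any pattern is applied.
    $html = preg_replace('/[\x00-\x08\x0B\x0C\x0E-\x1F\x7F]/', '', $html);
    // 2. Allow whitespace between the letters of the scheme, since URL
    //    parsers remove TAB/LF/CR from a URL before resolving the scheme.
    $scheme = 'j\s*a\s*v\s*a\s*s\s*c\s*r\s*i\s*p\s*t\s*:';
    return preg_replace('/' . $scheme . '/i', 'blocked:', $html);
}

// Constructed inputs. A NUL inside the scheme name was ignored by older
// engines; a TAB inside a URL is stripped by the URL parser in browsers.
$inputs = [
    '<a href="javascript:alert(1)">x</a>',
    "<a href=\"java\x00script:alert(1)\">x</a>",
    "<a href=\"java\tscript:alert(1)\">x</a>",
];

foreach ($inputs as $html) {
    $naive = naiveRemoveXss($html);
    $hard  = hardenedRemoveXss($html);
    printf(
        "%-40s naive=%s hardened=%s\n",
        addcslashes($html, "\x00..\x1f"),
        strpos($naive, 'blocked:') !== false ? 'filtered' : 'BYPASSED',
        strpos($hard, 'blocked:') !== false ? 'filtered' : 'BYPASSED'
    );
}
// Only the first input is caught by the naive filter; all three are caught
// by the hardened one.
```

Normalising first and matching second is the general rule; the fix in the advisory is one instance of it, and the same ordering applies to any blacklist that runs before a decoder (URL parser, HTML parser, charset converter) the attacker also controls the input to.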