Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Tue, 21 Aug 2012 23:28:24 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: Typo3

Hi,
please assign CVE IDs for the latest Typo3 security issues:
http://typo3.org/support/teams-security-security-bulletins/security-bulletins-single-view/article/several-vulnerabilities-in-typo3-core/ :

1.

Vulnerable subcomponent: TYPO3 Backend Help System
Vulnerability Type: Insecure Unserialize leading to a possible Arbitrary Code Execution
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:C/A:N/E:P/RL:O/RC:C (What's that?)
Problem Description: Due to a missing signature (HMAC) for a parameter in the view_help.php file, an attacker could unserialize arbitrary objects within TYPO3. We are aware of a working exploit, which can lead to arbitrary code execution. A valid backend user login or multiple successful cross site request forgery attacks are required to exploit this vulnerability.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Felix Wilhelm who discovered and reported the issue.


2.

Vulnerable subcomponent: TYPO3 Backend
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:F/RL:O/RC:C (What's that?)
Problem Description: Failing to properly HTML-encode user input in several places, the TYPO3 backend is susceptible to Cross-Site Scripting. A valid backend user is required to exploit these vulnerabilities.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Pavel Vaysband, Security Team Member Markus Bucher, Core Team Member Susanne Moog, Jan Bednarik,  who discovered and reported the issues.

3.

Vulnerable subcomponent: TYPO3 Backend
Vulnerability Type: Information Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:O/RC:C (What's that?)
Problem Description: Accessing the configuration module discloses the Encryption Key. A valid backend user with access to the configuration module is required to exploit this vulnerability.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Mario Rimann who discovered and reported the issue.

4.

Vulnerable subcomponent: TYPO3 HTML Sanitizing API
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:O/RC:C (What's that?)
Problem Description: By not removing several HTML5 JavaScript events, the API method t3lib_div::RemoveXSS() fails to filter specially crafted HTML injections, thus is susceptible to Cross-Site Scripting. Failing to properly encode for JavaScript the API method t3lib_div::quoteJSvalue(), it is susceptible to Cross-Site Scripting.
Note: Developers should never rely on the blacklist of RemoveXSS() alone, but should always properly encode user input before outputting it again.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Andreas Schnapp and Christian Nösterer who discovered and reported the issues.

5.

Vulnerable subcomponent: TYPO3 Install Tool
Vulnerability Type: Cross-Site Scripting
Severity: Low
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:F/RL:O/RC:C (What's that?)
Problem Description: Failing to properly sanitize user input, the Install Tool is susceptible to Cross-Site Scripting.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Security Team Member Georg Ringer who discovered and reported the issue. 

Cheers,
        Moritz

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.