Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Wed, 19 Jun 2013 01:16:50 -0600
From: Kurt Seifried <kseifried@...hat.com>
To: oss-security@...ts.openwall.com
CC: TYPO3 Security Team <security@...o3.org>
Subject: Re: Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005:
 Several Vulnerabilities in TYPO3 Core

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 06/16/2013 05:46 AM, TYPO3 Security Team wrote:
> Dear Kurt Seifried,
> 
> Thank you for your request.
> 
> I'm a bit embarrassed about our response time :(
> 
> Very sorry for that. Things will vastly improve in the near
> future!
> 
> 12/10/2012 22:40 - Kurt Seifried wrote:
> 
>> Can the Typo3 security team please confirm the following:
>> 
>>> Component Type: TYPO3 Core Affected Versions: 4.5.0 up to
>>> 4.5.20, 4.6.0 up to 4.6.13, 4.7.0 up
>> to 4.7.5 and development releases of the 6.0 branch.
>>> Vulnerability Types: SQL Injection, Cross-Site Scripting,
>> Information Disclosure
>> 
>> so no CVE's needed for this, this is simply a summary of the
>> below issues?
> 
> True!
> 
>>> Vulnerable subcomponent: TYPO3 Backend History Module
>>> Vulnerability Type: SQL Injection, Cross-Site Scripting
>>> Solution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6
>>> that
>> fix the problem described!
>>> Credits: Credits go to Thomas Worm who discovered and reported
>>> the
>> issue.
>> 
>> Did he discover both the SQL Injection and the Cross-Site
>> Scripting issues?
> 
> No, he only discovered the XSS. We discovered the SQLi while fixing
> the XSS.
> 
>> Can you provide a link to the specific code fixes?
> 
> Here it is. https://review.typo3.org/16304
> 
>> so 2 cve's needed correct?
> 
> Yes.
> 
>>> Vulnerable subcomponent: TYPO3 Backend History Module
>>> Vulnerability Type: Information Disclosure
>> Solution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6
>> that fix the problem described!
>>> Credits: Credits go to Core Team Member Oliver Hader who 
>>> discovered
>> and fixed the issue.
>> 
>> so one cve needed here? Can you provide a link to the specific
>> code fixes?
> 
> Yes.
> 
> It's also fixed in the same change: https://review.typo3.org/16304
> 
>>> Vulnerable subcomponent: TYPO3 Backend API Vulnerability Type: 
>>> Cross-Site Scripting Solution: Update to the TYPO3 version
>>> 4.5.21, 4.6.14 or 4.7.6 that
>> fix the problem described!
>>> Credits: Credits go to Johannes Feustel who discovered and 
>>> reported
>> the issue.
>> 
>> so one cve needed here? Can you provide a link to the specific
>> code fixes?
> 
> Yes: https://review.typo3.org/16305
> 
>>> Vulnerability Type: Cross-Site Scripting Solution: Update to
>>> the TYPO3 version 4.5.21, 4.6.14 or 4.7.6 that
>> fix the problem described!
>>> Credits: Credits go to Richard Brain who discovered and
>>> reported the
>> issue.
>> 
>> so one cve needed here? Can you provide a link to the specific
>> code fixes?
> 
> Yes: https://review.typo3.org/16300
> 
> 
> Regards,
> 
> Helmut Hummel Member of the TYPO3 Security Team
> 
> -- TYPO3 Security Team homepage: http://typo3.org/teams/security/
> 
> E-Mail: security@...o3.org
> 
> Please note: When replying to this e-mail, please leave the header
> intact.
> 

k so in summary then:

CVE-2012-6144 TYPO3-CORE-SA-2012-005: Backend History Module SQL
Injection TYPO3 internal

CVE-2012-6145 TYPO3-CORE-SA-2012-005: Backend History Module
Cross-Site Scripting Thomas Worm

CVE-2012-6146 TYPO3-CORE-SA-2012-005: Backend History Module
Information Disclosure Oliver Hader

CVE-2012-6147 TYPO3-CORE-SA-2012-005: Backend API Cross-Site Scripting
Johannes Feustel

CVE-2012-6148 TYPO3-CORE-SA-2012-005: Backend API Cross-Site Scripting
Richard Brain


- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.13 (GNU/Linux)

iQIcBAEBAgAGBQJRwVriAAoJEBYNRVNeJnmTb5cP/Ak8xgGQDdVelQ4cvLwPuTfH
+2UEnqcBZEWHKT3ib9tNDUAar0DLihASl51H/lX3PjgBB9hOwur9nAgvhyGCaP0o
xbAQ7caIjpT30nMWf6icX4DAFs2t0KU4vXm5DxAWlbMaiwpCGXIRQpzaz1XiRWic
9SnsVxSoDL8O8M4ayLHdbNsdvqdoMIJeo8luikJr+9RXMJCnnKw4Nn0wPqQM4UJG
4NL4Fw1giqZQbYuBvu/Z0cshYlLj8zDFWR5r7NXkWoVWUwSVPIkLBuaeIA88wA3J
mCszK56aRbmFV54Tmojqc1lzORuzN8/Pf6auoftNAL5sa8C6K7SbkesNXTUAX4J/
nup6XNKzU3UbFekqVyDoak5R/dWtA/I3FUhOuXO/HksfZLwkOv+OPyTDZ7TDHopW
a7xeN8cCkD3ds7AhOzV+yAo81Ak+EBeeROoIsIJ/MYPO9jNzuB6hbO8NWrHwztOn
MG3IibbUL2BSSp+yToCSoEpmZGQMqX3749DlGtbR/475AK1AQ/47aPd0Pceilxgy
I5n2xRJ4v59hOUPW20V+PADYSI9Y/8LYy+aTW2tIH8xcSWAeEPTZeZRRu7NwAOPN
NlrabGczpfuLFyYi/DvyF93M+o9RIjGEzyCEW+XimdzisKSIGTqFdU3JbiqKXtIf
sciyPmOfkbV9J4kWMBgs
=I/oC
-----END PGP SIGNATURE-----

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Powered by Openwall GNU/*/Linux - Powered by OpenVZ