Date: Fri, 5 Sep 2014 10:02:42 +0300 From: Henri Salo <henri@...v.fi> To: oss-security@...ts.openwall.com Cc: TYPO3 Security Team <security@...o3.org> Subject: CVE request: TYPO3-EXT-SA-2014-005 -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Can I get 2014 CVE for TYPO3-EXT-SA-2014-005, thanks. If I am correct one CVEs is enough as both issues are about same Ajax dispatcher. http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-005/ http://osvdb.org/103259 http://osvdb.org/103260 Release Date: February 12, 2014 Affected Versions: yag: Version 3.0.0 and below, pt_extbase: Version 1.5.0 and below Vulnerability Type: Access Bypass Severity: High Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:F/RL:O/RC:C Problem Description: The extension pt_extbase comes with an Ajax dispatcher for Extbase. Using this dispatcher it is possible to call every action in every controller of every Extbase extension installed on the system. The dispatcher failes to do access checks, thus it is possible to bypass access checks for Extbase Backend Modules like the backend user administration module. The extension yag also delivered an Ajax dispatcher, which was unused but vulnerable. Important Note: The unused Ajax Dispatcher code in extension yag has been removed. If any other installed extensions made use of this dispatcher, it will stop working. Additionally the Ajax dispatcher in pt_extbase was modified to do access checks. Third party extensions using this dispatcher need to be added to the list of allowed actions. Solution: Updated versions 3.0.1 and 1.5.1 are available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/download/yag/3.0.1/t3x/ and http://typo3.org/extensions/repository/download/pt_extbase/1.5.1/t3x/. Users of the extension are advised to update the extension as soon as possible. Credits: Credits go to Andrea Schmuttermair who discovered and reported this issue. - --- Henri Salo -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.12 (GNU/Linux) iEYEARECAAYFAlQJYBIACgkQXf6hBi6kbk/80QCg0vRIZzIqXrCu78OhArS6oBFG 2wIAoMBuWqqmvBha7wf/y9f/VHXSxg/i =lMT7 -----END PGP SIGNATURE-----
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ