Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: TYPO3-CORE-SA-2012-001
From: Kurt Seifried <kseifried () redhat com>
Date: Thu, 29 Mar 2012 19:57:53 -0600

On 03/29/2012 02:44 PM, Florian Weimer wrote:
I may have missed a previous request.  If I can count properly, there
are four different issues:

You can count properly!

| Vulnerable subcomponent: Extbase Framework
| Affected Versions:
|   Versions 4.4.x and 4.5.x are not affected by this vulnerabilty.
| Vulnerability Type: Insecure Unserialize
| 
| Problem Description: Due to a missing signature (HMAC) for a request
| argument, an attacker could unserialize arbitrary objects within
| TYPO3.
| 
| To our knowledge it is neither possible to inject code through this
| vulnerability, nor are there exploitable objects within the TYPO3
| Core. However, there might be exploitable objects within third party
| extensions.

Please use CVE-2012-1605 for this issue.

| Vulnerable subcomponent: TYPO3 Backend
| Vulnerability Type: Cross-Site Scripting
| 
| Problem Description: Failing to properly HTML-encode user input in
| several places, the TYPO3 backend is susceptible to Cross-Site
| Scripting. A valid backend user is required to exploit these
| vulnerabilities.

Please use CVE-2012-1606 for this issue.

| Vulnerable subcomponent: TYPO3 Command Line Interface
| Vulnerability Type: Information Disclosure
|
| Problem Description: Accessing a CLI Script directly with a browser
| may disclose the database name used for the TYPO3 installation.

Please use CVE-2012-1607 for this issue.

| Vulnerable subcomponent: TYPO3 HTML Sanitizing API
| Vulnerability Type: Cross-Site Scripting
|
| Problem Description: By not removing non printable characters, the API
| method t3lib_div::RemoveXSS() fails to filter specially crafted HTML
| injections, thus is susceptible to Cross-Site Scripting.

Please use CVE-2012-1608 for this issue.

<http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2012-001/>


-- 
Kurt Seifried Red Hat Security Response Team (SRT)


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]