Home page logo
/

oss-sec logo oss-sec mailing list archives

Re: CVE request: TYPO3 remote code execution by arbitrary file creation TYPO3-CORE-SA-2013-002
From: Kurt Seifried <kseifried () redhat com>
Date: Wed, 14 Aug 2013 21:06:55 -0600

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 08/14/2013 10:26 AM, Henri Salo wrote:
Can we assign CVE for remote code execution by arbitrary file
creation vulnerability in TYPO3, thanks.

http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-002/


Advisory ID: TYPO3-CORE-SA-2013-002
Vulnerable subcomponent: Backend File Upload / File Abstraction
Layer Vulnerability Type: Remote Code Execution by arbitrary file
creation Affected Versions: All versions from 6.0.0 up to the
development branch of 6.2 Severity: Critical Suggested CVSS v2.0:
AV:N/AC:L/Au:S/C:C/I:C/A:C/E:F/RL:O/RC:C

Problem Description: The file upload component and the File
Abstraction Layer are failing to check for denied file extensions,
which allows authenticated editors (even with limited permissions)
to upload php files with arbitrary code, which can then be executed
in web server's context.

Solution: Update to the TYPO3 version 6.0.8 or 6.1.3 that fix the
problem described!

Credits: Credits go to Sebastian Nerz who discovered and reported
the issue.

Please note that XSS issue in the advisory already has CVE. TYPO3
team also verified that this hasn't been requested already.

--- Henri Salo


So it states for the first one:

Problem Description: TYPO3 bundles flash files for video and audio
playback. Old versions of FlowPlayer and flashmedia are susceptible to
Cross-Site Scripting. No authentication is required to exploit this
vulnerability.

so it sounds like embedded third party software, there appear to be
some older CVE's for flowplayer, I'm guessing it might be one of
these? Can the typo3 people please provide details (e.g. code patches)
of exactly what they fixed?

For the second one "Vulnerable subcomponent: Backend File Upload /
File Abstraction Layer" code execution please use CVE-2013-4250 for
this issue.



- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.14 (GNU/Linux)

iQIcBAEBAgAGBQJSDEXPAAoJEBYNRVNeJnmTzckQAKDUpbvvvQhdHSduMbtepLlf
wKANId9ZC0b2s9KT0Q0uT7Ez5sOpxM/xM3Q08LjmXMOo6+IjujRDAK1BFk9kr1Rr
xu2kMeDGDemKHdRHdkFJFnzPJJLaF05Mmr8r9j8lkakVrZHIDbNcem66Q4/KMVhl
EnJhQA/Ja8hkOgt4xpUYEFcGLuZDfmiUI7aIsUjWgDKp14QpX5kOBEucqlcSVRed
9pGsZYksMILHrpMb4QX9SoHBgIzvGqiZ2Z/rEoKl4Kp12eZ0Ua5aj/YP7X9VUndy
NkLcXclUmevlW55uCM/8U0rlYk1rJXLHJyxlYgI5PpTZSJAiaAW8eWfISdY0WNLM
AbHG1bQRtxVaNa2ztXz+DxInIV2gdQQf2kZWZ/13bCDbmr+/R73O3RhbOCyynmR2
stDfr1ymm8gViiVX0lPrEdOTy6tQvH+NYigc/SlbXby83fB7D6wTPKTpKTBwAGti
yTaHyhRxpbs+T5OYIxB+iAumJPQcL9fLS5gT20vv5t9d1N+CYGgR/QmloBB2kfDH
Sa/qqlKipjHyflW2SqNA/pdtDSq+Th2085hs5sK7iF1mxzO8wTOe3WqIuyZWVTte
0b1e2725wq6edaYUEL8xcSWw8P3tGWXeE8eHjOl/qSDoCt5Ek3au71fmpRhc3APd
q0o2EO+B5pWpiszZDp1E
=ffmK
-----END PGP SIGNATURE-----


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault