Message-ID: <20120821212824.GB1866@inutil.org>
Date: Tue, 21 Aug 2012 23:28:24 +0200
From: Moritz Muehlenhoff <jmm@...ian.org>
To: oss-security@...ts.openwall.com
Subject: CVE request: Typo3

Hi,
please assign CVE IDs for the latest Typo3 security issues:
http://typo3.org/support/teams-security-security-bulletins/security-bulletins-single-view/article/several-vulnerabilities-in-typo3-core/ :

1.
Vulnerable subcomponent: TYPO3 Backend Help System
Vulnerability Type: Insecure Unserialize leading to a possible Arbitrary Code Execution
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:C/A:N/E:P/RL:O/RC:C (What's that?)
Problem Description: Due to a missing signature (HMAC) for a parameter in the view_help.php file, an attacker could unserialize arbitrary objects within TYPO3. We are aware of a working exploit, which can lead to arbitrary code execution. A valid backend user login or multiple successful cross site request forgery attacks are required to exploit this vulnerability.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Felix Wilhelm who discovered and reported the issue.

2.
Vulnerable subcomponent: TYPO3 Backend
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:F/RL:O/RC:C (What's that?)
Problem Description: Failing to properly HTML-encode user input in several places, the TYPO3 backend is susceptible to Cross-Site Scripting. A valid backend user is required to exploit these vulnerabilities.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Pavel Vaysband, Security Team Member Markus Bucher, Core Team Member Susanne Moog, Jan Bednarik, who discovered and reported the issues.

3.
Vulnerable subcomponent: TYPO3 Backend
Vulnerability Type: Information Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:F/RL:O/RC:C (What's that?)
Problem Description: Accessing the configuration module discloses the Encryption Key. A valid backend user with access to the configuration module is required to exploit this vulnerability.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Mario Rimann who discovered and reported the issue.

4.
Vulnerable subcomponent: TYPO3 HTML Sanitizing API
Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:O/RC:C (What's that?)
Problem Description: By not removing several HTML5 JavaScript events, the API method t3lib_div::RemoveXSS() fails to filter specially crafted HTML injections, thus is susceptible to Cross-Site Scripting. Failing to properly encode for JavaScript the API method t3lib_div::quoteJSvalue(), it is susceptible to Cross-Site Scripting.
Note: Developers should never rely on the blacklist of RemoveXSS() alone, but should always properly encode user input before outputting it again.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Andreas Schnapp and Christian Nösterer who discovered and reported the issues.

5.
Vulnerable subcomponent: TYPO3 Install Tool
Vulnerability Type: Cross-Site Scripting
Severity: Low
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:F/RL:O/RC:C (What's that?)
Problem Description: Failing to properly sanitize user input, the Install Tool is susceptible to Cross-Site Scripting.
Solution: Update to the TYPO3 version 4.5.19, 4.6.12 or 4.7.4 that fix the problem described!
Credits: Credits go to Security Team Member Georg Ringer who discovered and reported the issue.

Cheers,
Moritz
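
Added example, not part of the original message and not the TYPO3 fix: the general defence that issue 1 says was missing, an HMAC checked on a serialized request parameter before it reaches unserialize(). The key constant and the function names signParam() and verifyParam() are hypothetical; only standard PHP functions are used (hash_hmac, hash_equals, and the allowed_classes option of unserialize, which requires PHP 7).

```php
<?php
// Added example: authenticate a serialized parameter before unserializing it.
// SECRET_KEY, signParam() and verifyParam() are hypothetical names, not TYPO3 API.

// Assumption: a server-side secret that is never shown to users.
// If this key is disclosed, signatures can be forged and the check is void.
const SECRET_KEY = 'constructed-demo-key-replace-me';

// Server side: serialize the data and append an HMAC over the encoded payload.
function signParam(array $data): string
{
    $payload = base64_encode(serialize($data));
    return $payload . '.' . hash_hmac('sha256', $payload, SECRET_KEY);
}

// Server side: return the data only if the HMAC matches; otherwise null.
function verifyParam(string $param): ?array
{
    $parts = explode('.', $param, 2);
    if (count($parts) !== 2) {
        return null;                       // no signature present
    }
    [$payload, $mac] = $parts;
    $expected = hash_hmac('sha256', $payload, SECRET_KEY);
    if (!hash_equals($expected, $mac)) {   // constant-time comparison
        return null;                       // tampered or unsigned: never unserialize
    }
    $raw = base64_decode($payload, true);
    if ($raw === false) {
        return null;
    }
    // Defence in depth: refuse to instantiate any class, even for signed input.
    $data = unserialize($raw, ['allowed_classes' => false]);
    return is_array($data) ? $data : null;
}

// Constructed sample values.
$token = signParam(['table' => 'pages', 'field' => 'title']);
var_dump(verifyParam($token));

// Same signature reused on a different payload: verification must fail.
$swapped = base64_encode(serialize(['table' => 'be_users']))
         . '.' . explode('.', $token, 2)[1];
var_dump(verifyParam($swapped));
```

The signature is verified before any decoding or unserialization happens, so unsigned input never reaches unserialize() at all.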