Your message dated Mon, 01 Aug 2011 22:04:21 +0000
with message-id <e1qo0az-0001g2...@franck.debian.org>
and subject line Bug#635937: fixed in typo3-src 4.5.4+dfsg1-1
has caused the Debian Bug report #635937,
regarding TYPO3 Security Bulletin TYPO3-CORE-SA-2011-001: Multiple 
vulnerabilities in TYPO3 Core
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
635937: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635937
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: typo3-src
Severity: critical
Tags: security
Version: 4.5.3+dfsg1-1, 4.3.9+dfsg1-1


Component Type: TYPO3 Core
Affected Versions: 4.3.11 and below, 4.4.8 and below, 4.5.3 and below
Vulnerability Types: Cross-Site Scripting (XSS), Information Disclosure,
Authentication Delay Bypass, Unserialize() vulnerability, Missing Access
Control
Overall Severity: High
Release Date: July 27, 2011


Vulnerable subcomponent #1: Frontend




Vulnerability Type: Cross-Site Scripting
Severity: High
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: Failing to properly sanitize URL parameters, the
"JSwindow" property of the typolink function is susceptible to
Cross-Site Scripting. The problem does not exist if the third party
extension "realurl" is used and its configuration parameter
"doNotRawUrlEncodeParameterNames" is set to FALSE (default).




Vulnerable subcomponent #2: Backend



Vulnerability Type: Information Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C
Problem Description: For authentication attempts with wrong credentials,
TYPO3 sends different HTTP headers depending on whether the provided
username or the provided password is wrong.


Vulnerability Type: Authentication Delay Bypass
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C
Problem Description: The TYPO3 Backend login has a delay for
authentication attempts with wrong credentials. By using a crafted
request, an attacker is able to bypass the mandatory delay in such cases.


Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: Failing to properly sanitize a username, the admin
panel is susceptible to Cross-Site Scripting.


Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: Failing to properly sanitize a content element's
link attribute, the browse_links wizard is susceptible to Cross-Site
Scripting. Exploiting requires an attacker to prepare a content element
and trick the victim into opening the browse_links wizard for this record.


Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: Failing to properly sanitize a page title, the
system extension recycler is susceptible to Cross-Site Scripting.
Exploiting requires an attacker to prepare and delete a page and
trick the victim into visiting the recycler.


Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: Failing to properly sanitize a page title, the
tcemain flash message is susceptible to Cross-Site Scripting. Exploiting
requires an attacker to prepare a page and trick the victim into copying
or moving the prepared page.


Vulnerability Type: Information Disclosure
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C
Problem Description: A TYPO3 Backend user (editor) is able to see
workspace changes of records in any language, even for those he has not
been granted access to.


Vulnerability Type: Information Disclosure
Severity: High
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:C/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: Using the "getText" feature on headlines of content
elements, it is possible to retrieve arbitrary data from the TYPO3
database. The vulnerability results from an insecure configuration in
the css_styled_content system extension.

Important Note: Having an adjusted fontTag property in the provided
TypoScript (e.g. lib.stdheader.10.1.fontTag) or depending on headlines
passed through fontTag might result in unexpected rendering results.
Headline rendering is now handled through dataWrap (e.g.
lib.stdheader.10.1.dataWrap). Make sure to check your TypoScript before
the update and check the website rendering after it!


Vulnerability Type: Unserialize() vulnerability
Severity: High
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:C/A:N/E:U/RL:OF/RC:C
Problem Description: Special user input of BE editors is treated as
serialized data and is deserialized by TYPO3. This allows BE editors to
delete any arbitrary file the webserver has access to.





Vulnerable subcomponent #3: Exposed API



Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: The RemoveXSS function fails to sanitize an attack
vector that works in Internet Explorer version 6.


Vulnerability Type: Missing Access Control
Severity: High
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: ExtDirect endpoints are not associated with TYPO3
backend modules and as such TYPO3 access control is not applied to
ExtDirect calls. This allows arbitrary BE users to consume any available
ExtDirect endpoint service.


-- 
 Kind regards, Christian Welzel

  GPG-Key:     http://www.camlann.de/de/pgpkey.html
  Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15



--- End Message ---
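The bulletin's "Unserialize() vulnerability" entry (backend-editor input treated as serialized data, ending in deletion of any file the web server can reach) names the class of bug without showing the mechanism. The block below is an added illustration written for this page; it is not TYPO3 code and does not reproduce the code path TYPO3 fixed in 4.5.4. The class TempFileCleaner and the loadEditorSettings* and deletionPayload functions are hypothetical, and the block assumes PHP 8 (constructor promotion, the mixed type). It shows the generic pattern: an innocent class whose destructor unlinks a file, an unserialize() call on attacker-chosen bytes, and two ways to close the hole.

```php
<?php
declare(strict_types=1);

// Added illustration, not TYPO3 code. Class and function names are
// hypothetical. Assumes PHP >= 8.0.

// A plausible application class: it removes a temporary file when the
// object goes out of scope. Harmless while only the application builds it.
final class TempFileCleaner
{
    public function __construct(public string $path)
    {
    }

    public function __destruct()
    {
        if (is_file($this->path)) {
            unlink($this->path);
        }
    }
}

// Vulnerable: editor-controlled input goes straight to unserialize(), so the
// editor picks the class and every property. The object is materialised
// without __construct() running, and __destruct() fires as soon as the
// result is discarded, i.e. the editor's chosen path gets unlinked.
function loadEditorSettingsVulnerable(string $raw): mixed
{
    return unserialize($raw);
}

// Hardened: refuse to instantiate any class (PHP >= 7.0). Objects in the
// payload come back as __PHP_Incomplete_Class, which has no destructor.
function loadEditorSettingsHardened(string $raw): array
{
    $data = unserialize($raw, ['allowed_classes' => false]);
    return is_array($data) ? $data : [];
}

// Preferred: keep the PHP serializer away from untrusted input entirely.
function loadEditorSettingsJson(string $raw): array
{
    $data = json_decode($raw, true, 512, JSON_THROW_ON_ERROR);
    return is_array($data) ? $data : [];
}

// The payload an editor would submit: a serialized TempFileCleaner whose
// "path" property points at a file the web server user may delete.
function deletionPayload(string $target): string
{
    return sprintf(
        'O:15:"TempFileCleaner":1:{s:4:"path";s:%d:"%s";}',
        strlen($target),
        $target
    );
}

// Demonstration against temp files created here for the purpose.
$target = tempnam(sys_get_temp_dir(), 'typo3demo');
loadEditorSettingsVulnerable(deletionPayload($target));
printf("vulnerable: target still exists? %s\n", var_export(file_exists($target), true));

$target = tempnam(sys_get_temp_dir(), 'typo3demo');
loadEditorSettingsHardened(deletionPayload($target));
printf("hardened:   target still exists? %s\n", var_export(file_exists($target), true));
unlink($target);
```

Run it with `php demo.php`. Two caveats matter for the versions in this bulletin: the `allowed_classes` option only exists from PHP 7.0, so on the PHP 5 installations TYPO3 4.x ran on, the only fixes were to stop calling unserialize() on anything an editor can influence or to authenticate the blob (for example with an HMAC under a server-side key) before deserializing it; and the gadget does not have to live in the application's own code, since any class with a __destruct() or __wakeup() method in any loaded extension is reachable through the same call.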
--- Begin Message ---
Source: typo3-src
Source-Version: 4.5.4+dfsg1-1

We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive:

typo3-database_4.5.4+dfsg1-1_all.deb
  to main/t/typo3-src/typo3-database_4.5.4+dfsg1-1_all.deb
typo3-dummy_4.5.4+dfsg1-1_all.deb
  to main/t/typo3-src/typo3-dummy_4.5.4+dfsg1-1_all.deb
typo3-src-4.5_4.5.4+dfsg1-1_all.deb
  to main/t/typo3-src/typo3-src-4.5_4.5.4+dfsg1-1_all.deb
typo3-src_4.5.4+dfsg1-1.debian.tar.gz
  to main/t/typo3-src/typo3-src_4.5.4+dfsg1-1.debian.tar.gz
typo3-src_4.5.4+dfsg1-1.dsc
  to main/t/typo3-src/typo3-src_4.5.4+dfsg1-1.dsc
typo3-src_4.5.4+dfsg1.orig-dummy.tar.gz
  to main/t/typo3-src/typo3-src_4.5.4+dfsg1.orig-dummy.tar.gz
typo3-src_4.5.4+dfsg1.orig.tar.gz
  to main/t/typo3-src/typo3-src_4.5.4+dfsg1.orig.tar.gz
typo3_4.5.4+dfsg1-1_all.deb
  to main/t/typo3-src/typo3_4.5.4+dfsg1-1_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 635...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Welzel <gaw...@camlann.de> (supplier of updated typo3-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 29 Jul 2011 20:00:00 +0100
Source: typo3-src
Binary: typo3-src-4.5 typo3-database typo3-dummy typo3
Architecture: source all
Version: 4.5.4+dfsg1-1
Distribution: unstable
Urgency: high
Maintainer: Christian Welzel <gaw...@camlann.de>
Changed-By: Christian Welzel <gaw...@camlann.de>
Description: 
 typo3      - The enterprise level open source WebCMS (Meta)
 typo3-database - TYPO3 - The enterprise level open source WebCMS (Database)
 typo3-dummy - web content management system
 typo3-src-4.5 - TYPO3 - The enterprise level open source WebCMS (Core)
Closes: 635937
Changes: 
 typo3-src (4.5.4+dfsg1-1) unstable; urgency=high
 .
   * New upstream release:
     - fixes: "TYPO3 Security Bulletin TYPO3-CORE-SA-2011-001: Multiple
       vulnerabilities in TYPO3 Core" (Closes: 635937)
   * Adapted patch 02-dummy-defaults.patch to the new localconf.php.
   * Removed typo3-dummy.examples, because it is empty now.
Checksums-Sha1: 
 5658629aed49a0e4cbc087001802cc2c9803c6dc 1661 typo3-src_4.5.4+dfsg1-1.dsc
 efef3befc7972e5c7d6cc0b7078db1febdfcd385 7672 
typo3-src_4.5.4+dfsg1.orig-dummy.tar.gz
 0261508bbe4a047f47990e5dedd34d4bef26ba8c 20504107 
typo3-src_4.5.4+dfsg1.orig.tar.gz
 484fa4e01e6cb1cdab28a6489fcbb250efc93aab 148076 
typo3-src_4.5.4+dfsg1-1.debian.tar.gz
 1f7d17e4f57533abea67e35206e216ea7f5959a2 20185446 
typo3-src-4.5_4.5.4+dfsg1-1_all.deb
 9b5e4785496288fe2807c7e1d402aaaa18f46b65 261690 
typo3-database_4.5.4+dfsg1-1_all.deb
 603e50642ddf62779e4d5d03b5e058d33309017f 266654 
typo3-dummy_4.5.4+dfsg1-1_all.deb
 cd24ffed431e3e0cf4a0e617ace25442817311c5 1250 typo3_4.5.4+dfsg1-1_all.deb
Checksums-Sha256: 
 99770ff18abc1be1c3647ee3348261569715da93074b75f0ead08f63a9f0bbf1 1661 
typo3-src_4.5.4+dfsg1-1.dsc
 ef7345938bd9634599af57b55ab42dca4278db5e53ff0e534857018b792d81db 7672 
typo3-src_4.5.4+dfsg1.orig-dummy.tar.gz
 e9f35848cac92dd8a8f9b37e41d39eea330a9526eabb702407ab95978a146154 20504107 
typo3-src_4.5.4+dfsg1.orig.tar.gz
 61fe0731c4171bc7a99fcc1c1e0993cdac8887931ce3bac0a7372bd23ba83ce8 148076 
typo3-src_4.5.4+dfsg1-1.debian.tar.gz
 6908fc9f0b55fb6b297ede70c5cb0ff3e1118f0b88e2dfa1da1f14a650aa3e33 20185446 
typo3-src-4.5_4.5.4+dfsg1-1_all.deb
 9c9f6ff72ff9554dc4a67d23e74001000a5af93c28ac033c37f2a8640de11da0 261690 
typo3-database_4.5.4+dfsg1-1_all.deb
 8bcf459b743cb8181c19baab37f6de6a09752e9fbb868c66f17b51cab4c86d93 266654 
typo3-dummy_4.5.4+dfsg1-1_all.deb
 8e45c23bb98b2af96ae2fc30a673bca95310b6701c4c1967c3ec102f013cecd8 1250 
typo3_4.5.4+dfsg1-1_all.deb
Files: 
 9000c120bdec2998d16283d0912282d8 1661 web optional typo3-src_4.5.4+dfsg1-1.dsc
 bbd31f348a88dd4af7e48221971d4f47 7672 web optional 
typo3-src_4.5.4+dfsg1.orig-dummy.tar.gz
 723d9a76b662526dfa7a1857abe58f44 20504107 web optional 
typo3-src_4.5.4+dfsg1.orig.tar.gz
 c39f2eb025bfd7d440fc919b10fdcd18 148076 web optional 
typo3-src_4.5.4+dfsg1-1.debian.tar.gz
 13b747f78d59871bc7986f9c3b403c43 20185446 web optional 
typo3-src-4.5_4.5.4+dfsg1-1_all.deb
 990710997cf978ca7c7bba8e67b99d0a 261690 web optional 
typo3-database_4.5.4+dfsg1-1_all.deb
 da3f95846d0cb2291231d2fd510ed901 266654 web optional 
typo3-dummy_4.5.4+dfsg1-1_all.deb
 f62e40c0ac717335bccc3d97ab70fcbf 1250 web optional typo3_4.5.4+dfsg1-1_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iQEcBAEBAgAGBQJONyMVAAoJEL97/wQC1SS+XvUIAJgqGU3qltil49xj/AyAlv39
E1MBnHAdqmG4w+vTPgb1cSW5pqj/DH/lcZIWczrE68ft2pCB8OwynDvhSysNBqFD
7F8wXj3xdpU4mZk8QaH2YP9NoRXzXZeOD7H6n3q/UECS24XTMMBRNhMvKSNoWMk+
tp6cS0a3CIgWe/z+zkmtXrV42C9lpZQEVLYm5oprQG9GRQi9KC7QSal72YVdI9zb
qwZY2FMqnZR+Lyr8ddYySZB/xsz6veo1Q/sIZsjZ3lbiSkmI63fKms8Rvrz6pCZH
OTYUKdCMP1awKFmylqrhekYhws7pBKlgjoUHjiELhwLE//R53/uGjj4UEZI/XfE=
=llUs
-----END PGP SIGNATURE-----



--- End Message ---
