Bug#635937: marked as done (TYPO3 Security Bulletin TYPO3-CORE-SA-2011-001: Multiple vulnerabilities in TYPO3 Core)

Sun, 07 Aug 2011 18:57:18 -0700 

Your message dated Mon, 08 Aug 2011 01:52:55 +0000
with message-id <e1qqf1t-0003ax...@franck.debian.org>
and subject line Bug#635937: fixed in typo3-src 4.2.5-1+lenny8
has caused the Debian Bug report #635937,
regarding TYPO3 Security Bulletin TYPO3-CORE-SA-2011-001: Multiple 
vulnerabilities in TYPO3 Core
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
635937: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=635937
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: typo3-src
Severity: critical
Tags: security
Version: 4.5.3+dfsg1-1, 4.3.9+dfsg1-1


Component Type: TYPO3 Core
Affected Versions: 4.3.11 and below, 4.4.8 and below, 4.5.3 and below
Vulnerability Types: Cross-Site Scripting (XSS), Information Disclosure,
Authentication Delay Bypass, Unserialize() vulnerability, Missing Access
Control
Overall Severity: High
Release Date: July 27, 2011


Vulnerable subcomponent #1: Frontend




Vulnerability Type: Cross-Site Scripting
Severity: High
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: Failing to properly sanitize URL parameters the
"JSwindow" property of the typolink function is susceptible to
Cross-Site Scripting. The problem does not exist if the third party
extension "realurl" is used and it's configuration parameter
"doNotRawUrlEncodeParameterNames" is set to FALSE (default).




Vulnerable subcomponent #2: Backend



Vulnerability Type: Information Disclosure
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C
Problem Description: For authentication attempts with wrong credentials,
TYPO3 sends different HTTP-Headers depending if provided username or
provided password is wrong.


Vulnerability Type: Authentication Delay Bypass
Severity: Low
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C
Problem Description: The TYPO3 Backend login has a delay for
authentication attempts with wrong credentials. By using a crafted
request, an attacker is able to bypass the madantory delay in such cases.


Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:N/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: Failing to properly sanitize an username the admin
panel is susceptible to Cross-Site Scripting.


Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: Failing to properly sanitize a content element's
link attribute the browse_links wizard is susceptible to Cross-Site
Scripting. Exploiting requires an attacker to prepare a content element
and trick its victim to open the browse_links wizard for this record.


Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: Failing to properly sanitize a page title the
system extension recycler is susceptible to Cross-Site Scripting.
Exploiting requires an attacker to prepare a page and deleted page and
trick its victim to visit the recycler.


Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:H/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: Failing to properly sanitize a page title the
tcemain flash message is susceptible to Cross-Site Scripting. Exploiting
requires an attacker to prepare a page and trick its victim to copy/move
the prepared page.


Vulnerability Type: Information Disclosure
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:P/I:N/A:N/E:U/RL:OF/RC:C
Problem Description: A TYPO3 Backend user (editor) is able to see
workspace changes of records in any languages - even for those he hasn't
got granted access to.


Vulnerability Type: Information Disclosure
Severity: High
Suggested CVSS v2.0: AV:N/AC:L/Au:S/C:C/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: Using "getText" feature on headlines of content
elements it is possible to retrieve arbitrary data from TYPO3 database.
The vulnerability results from an insecure configuration in
css_styled_content system extension.

Important Note: Having an adjusted fontTag property in the provided
TypoScript (e.g. lib.stdheader.10.1.fontTag) or depending on headlines
passed through fontTag might result in unexpected rendering results.
Headline rendering is now handled through dataWrap (e.g.
lib.stdheader.10.1.dataWrap). Make sure to check your TypoScript before
the update and check the wesite rendering after it!


Vulnerability Type: Unserialize() vulnerability
Severity: High
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:C/A:N/E:U/RL:OF/RC:C
Problem Description: Special user input of BE editors is treated as
serialized data and is deserialized by TYPO3. This allows BE editors to
delete any arbitrary file the webserver has access to.





Vulnerable subcomponent #3: Exposed API



Vulnerability Type: Cross-Site Scripting
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: The RemoveXSS function fails to sanitize an attack
vector that works in Internet Explorer version 6.


Vulnerability Type: Missing Access Control
Severity: High
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:P/A:N/E:U/RL:OF/RC:C
Problem Description: ExtDirect endpoints are not associated with TYPO3
backend modules and such TYPO3 access control is not applied on
ExtDirect calls. This allows arbitrary BE users to consume any available
ExtDirect endpoint service.


-- 
 MfG, Christian Welzel

  GPG-Key:     http://www.camlann.de/de/pgpkey.html
  Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15

--- End Message ---
--- Begin Message --- 
Source: typo3-src
Source-Version: 4.2.5-1+lenny8

We believe that the bug you reported is fixed in the latest version of
typo3-src, which is due to be installed in the Debian FTP archive:

typo3-src-4.2_4.2.5-1+lenny8_all.deb
  to main/t/typo3-src/typo3-src-4.2_4.2.5-1+lenny8_all.deb
typo3-src_4.2.5-1+lenny8.diff.gz
  to main/t/typo3-src/typo3-src_4.2.5-1+lenny8.diff.gz
typo3-src_4.2.5-1+lenny8.dsc
  to main/t/typo3-src/typo3-src_4.2.5-1+lenny8.dsc
typo3_4.2.5-1+lenny8_all.deb
  to main/t/typo3-src/typo3_4.2.5-1+lenny8_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 635...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Christian Welzel <gaw...@camlann.de> (supplier of updated typo3-src package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Fri, 05 Aug 2011 15:30:56 +0000
Source: typo3-src
Binary: typo3 typo3-src-4.2
Architecture: source all
Version: 4.2.5-1+lenny8
Distribution: oldstable-security
Urgency: high
Maintainer: Christian Welzel <gaw...@camlann.de>
Changed-By: Christian Welzel <gaw...@camlann.de>
Description: 
 typo3      - Powerful content management framework (Meta package)
 typo3-src-4.2 - Powerful content management framework (Core)
Closes: 635937
Changes: 
 typo3-src (4.2.5-1+lenny8) oldstable-security; urgency=high
 .
   [ Christian Welzel ]
   * Security patch from new upstream release 4.3.12
     - fixes: "TYPO3 Security Bulletin TYPO3-CORE-SA-2011-001: Multiple
       vulnerabilities in TYPO3 Core" (Closes: 635937)
Checksums-Sha1: 
 caf4cf6131a2a8a7b687a1ecfd8626b6cebcdaed 1009 typo3-src_4.2.5-1+lenny8.dsc
 e9fef50fa5d39828963b8d0344a0863686883448 160648 
typo3-src_4.2.5-1+lenny8.diff.gz
 0bac30b4bfb6e2c5d6d8faddce683d649030fa03 134250 typo3_4.2.5-1+lenny8_all.deb
 5c4583cad3fb61c42ad19b72089eeaa0de66bc58 8189466 
typo3-src-4.2_4.2.5-1+lenny8_all.deb
Checksums-Sha256: 
 89b3efa2d36b7615fa8a0c9cc51dab6b4593c8c5d60f34ac4a333b6cd146b401 1009 
typo3-src_4.2.5-1+lenny8.dsc
 3390e8a26ccd83798600dd967fae8aa753015a42e825b6cebdb4cdf075419949 160648 
typo3-src_4.2.5-1+lenny8.diff.gz
 a7804badf046a5e585e6b6c30bdf17a8832381d33475aecebf596b25d8643049 134250 
typo3_4.2.5-1+lenny8_all.deb
 9a7cf7374225f68a218cfe91cecb2851b241d11e851faad3c75bc0aa2792d8b7 8189466 
typo3-src-4.2_4.2.5-1+lenny8_all.deb
Files: 
 7fc1563d9f1f28a4c56377d9c5a49828 1009 web optional typo3-src_4.2.5-1+lenny8.dsc
 2ae0aebc38cad0b4f7314c3809f27af9 160648 web optional 
typo3-src_4.2.5-1+lenny8.diff.gz
 cf2797158c87ac5a1903a6d38075caa9 134250 web optional 
typo3_4.2.5-1+lenny8_all.deb
 4dfbb3ec453c0c7c963cc1952e002629 8189466 web optional 
typo3-src-4.2_4.2.5-1+lenny8_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iD8DBQFOPA2OUHLQNqxYNSARAoeSAJ0aO2e+B3att6+A/Jps2l13dcoAhgCghNbx
bSaL2OPue+HPE6i5uYhkKn8=
=kqc9
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to