Package: typo3-src
Severity: critical
Tags: security

It has been discovered that TYPO3 CMS is vulnerable to Denial of Service and Arbitrary Shell Execution!


Component Type: TYPO3 CMS
Vulnerability Types: Denial of Service, Arbitrary Shell Execution
Overall Severity: Medium
Release Date: October 22, 2014



Vulnerable subcomponent: OpenID System Extension


Vulnerability Type: Denial of Service
Affected Versions: Versions 4.5.0 to 4.5.36, 4.7.0 to 4.7.19, 6.1.0 to 6.1.11 and 6.2.0 to 6.2.5
Severity: Medium
Related CVE: CVE-2013-4701

Problem Description: The OpenID library that is shipped with TYPO3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via XRDS data containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. Affected are all TYPO3 installations with the system extension openid installed and enabled.

Solution: Alternatively, disabling the openid system extension also fixes the vulnerability in case an update is currently not possible. However, it is unlikely but possible that other third-party extensions use the OpenID library, exposing this TYPO3 installation to this vulnerability again. Therefore, updating is strongly recommended.




Vulnerable subcomponent: Swiftmailer library


Vulnerability Type: Arbitrary Shell Execution
Affected Versions: Versions 4.5.0 to 4.5.36, 4.7.0 to 4.7.19, 6.1.0 to 6.1.11 and 6.2.0 to 6.2.5
Severity: Medium
Related announcement: Swiftmailer release 5.2.1

Problem Description: The swiftmailer library in use allows arbitrary shell commands to be executed if the "From" header comes from a non-trusted source and no "Return-Path" is configured. Affected are only TYPO3 installations where the configuration option $GLOBALS['TYPO3_CONF_VARS']['MAIL']['transport'] is set to "sendmail". Installations with the default configuration are not affected.
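As an added illustration of the mitigation (this is not Swiftmailer's or TYPO3's own code; the function names and the sendmail path are assumptions), a hardened way to derive the envelope sender for a sendmail transport: a fixed, operator-controlled Return-Path takes precedence, and a "From" value from a non-trusted source reaches the command line only after validation and shell escaping:

```php
<?php
// Illustrative hardening for the sendmail-transport issue described above.
// Not Swiftmailer's or TYPO3's code; helper names and paths are assumptions.
// Risk modelled: with transport=sendmail and no fixed Return-Path, the
// envelope sender is derived from the "From" header and is placed on the
// sendmail command line, so an untrusted value must never reach it unchecked.

/**
 * Return the address only if it is a plain mailbox with no whitespace,
 * quotes or shell metacharacters; otherwise null.
 */
function safeEnvelopeSender(string $candidate): ?string
{
    $candidate = trim($candidate);
    if (filter_var($candidate, FILTER_VALIDATE_EMAIL) === false) {
        return null;
    }
    // filter_var still accepts quoted local parts; allow only a conservative set.
    if (!preg_match('/^[A-Za-z0-9._%+\-]+@[A-Za-z0-9.\-]+$/', $candidate)) {
        return null;
    }
    return $candidate;
}

/**
 * Build the sendmail invocation (assumed path and flags). A configured
 * Return-Path wins; a From header from a non-trusted source is used only
 * after validation, and the result is always shell-escaped.
 */
function buildSendmailCommand(?string $configuredReturnPath, string $fromHeader): string
{
    $sender = $configuredReturnPath !== null
        ? safeEnvelopeSender($configuredReturnPath)
        : safeEnvelopeSender($fromHeader);
    if ($sender === null) {
        throw new InvalidArgumentException('Refusing to pass an unsafe envelope sender to sendmail');
    }
    return '/usr/sbin/sendmail -t -i -f ' . escapeshellarg($sender);
}

// Constructed sample inputs (not taken from the advisory):
echo buildSendmailCommand(null, 'user@example.com'), "\n";           // accepted
echo buildSendmailCommand('bounces@example.com', 'anything'), "\n";  // fixed Return-Path wins
try {
    buildSendmailCommand(null, 'user@example.com extra-argument');   // rejected: whitespace
} catch (InvalidArgumentException $e) {
    echo $e->getMessage(), "\n";
}
```

Configuring a fixed Return-Path (the first branch above) removes the untrusted input from the command line entirely, which is the stronger of the two controls.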



--
 MfG, Christian Welzel

  GPG-Key:     pub 4096R/5117E119 2011-09-19
  Fingerprint: 3688 337C 0D3E 3725 94EC  E401 8D52 CDE9 5117 E119
