Executive Summary
| Summary | |
|---|---|
| Title | New TYPO3 packages fix several vulnerabilities |
| Informations | |||
|---|---|---|---|
| Name | DSA-2121 | First vendor Publication | 2010-10-19 |
| Vendor | Debian | Last vendor Modification | 2010-10-19 |
| Severity (Vendor) | N/A | Revision | 1 |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:N/AC:M/Au:N/C:C/I:N/A:N) | |||
|---|---|---|---|
| Cvss Base Score | 7.1 | Attack Range | Network |
| Cvss Impact Score | 6.9 | Attack Complexity | Medium |
| Cvss Expoit Score | 8.6 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Several remote vulnerabilities have been discovered in TYPO3. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2010-3714 Multiple remote file disclosure vulnerabilities in the jumpUrl mechanism and the Extension Manager allowed attackers to read files with the privileges of the account under which the web server was running. CVE-2010-3715 The TYPO3 backend contained several cross-site scripting vulnerabilities, and the RemoveXSS function did not filter all Javascript code. CVE-2010-3716 Malicious editors with user creation permission could escalate their privileges by creating new users in arbitrary groups, due to lack of input validation in the taskcenter. CVE-2010-3717 TYPO3 exposed a crasher bug in the PHP filter_var function, enabling attackers to cause the web server process to crash and thus consume additional system resources. For the stable distribution (lenny), these problems have been fixed in version 4.2.5-1+lenny6. For the unstable distribution (sid) and the upcoming stable distribution (squeeze), these problems have been fixed in version 4.3.7-1. We recommend that you upgrade your TYPO3 packages. |
Original Source
| Url : http://www.debian.org/security/2010/dsa-2121 |
CWE : Common Weakness Enumeration
| % | Id | Name |
|---|---|---|
| 40 % | CWE-264 | Permissions, Privileges, and Access Controls |
| 40 % | CWE-20 | Improper Input Validation |
| 20 % | CWE-79 | Failure to Preserve Web Page Structure ('Cross-site Scripting') (CWE/SANS Top 25) |
CPE : Common Platform Enumeration
ExploitDB Exploits
| id | Description |
|---|---|
| 2010-12-29 | TYPO3 Unauthenticated Arbitrary File Retrieval |
OpenVAS Exploits
| Date | Description |
|---|---|
| 2010-11-17 | Name : Debian Security Advisory DSA 2121-1 (typo3-src) File : nvt/deb_2121_1.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 69219 | TYPO3 t3lib_div::validEmail Function PHP FILTER_VALIDATE_EMAIL Operation Remo... TYPO3 is prone to an overflow condition. The 't3lib_div::validEmail' function fails to properly sanitize user-supplied input to filter_var FILTER_VALIDATE_EMAIL PHP operations, resulting in an overflow. With a specially crafted overly long e-mail address string, a remote attacker can potentially cause a denial of service. |
| 69218 | TYPO3 Extension Manager Unspecified Arbitrary File Access TYPO3 contains a flaw related to the Extension Manager that may allow a remote authenticated attacker to use a crafted parameter to access and potentially modify arbitrary files under unspecified specific circumstances. No further details have been provided. |
| 68593 | TYPO3 typo3/sysext/em/mod1/class.em_index.php Unspecified Traversal Arbitrary... TYPO3 contains a flaw that allows a remote, authenticated attacker to traverse outside of a restricted path. The issue is due to the typo3/sysext/em/mod1/class.em_index.php not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../). This directory traversal attack would allow the attacker to access arbitrary files. |
| 68592 | TYPO3 Taskcenter sys_action Task Arbitrary User Creation TYPO3 contains a flaw that may allow an attacker to gain access to unauthorized privileges. The issue is triggered when input passed to the the 'sys_action' task 'be_user_creation' is not properly verified, allowing a remote, authenticated attacker to create users with arbitrary usergroup membership and gain elevated privileges. |
| 68591 | TYPO3 typo3/contrib/RemoveXSS/RemoveXSS.php Unspecified XSS TYPO3 contains a flaw that allows a remote cross-site scripting (XSS) attack. This flaw exists because the application does not validate certain unspecified input upon submission to thetypo3/contrib/RemoveXSS/RemoveXSS.php script. This may allow a user to create a specially crafted URL that would execute arbitrary script code in a user's browser within the trust relationship between their browser and the server. |
| 68590 | TYPO3 typo3/sysext/cms/tslib/class.tslib_fe.php jumpURL Parameter Traversal A... TYPO3 contains a flaw that allows a remote attacker to traverse outside of a restricted path. The issue is due to the typo3/sysext/cms/tslib/class.tslib_fe.php script not properly sanitizing user input, specifically directory traversal style attacks (e.g., ../../) supplied via the 'jumpURL' parameter. This directory traversal attack would allow the attacker to access arbitrary files. |
Nessus® Vulnerability Scanner
| Date | Description |
|---|---|
| 2010-10-20 | Name : The remote Debian host is missing a security-related update. File : debian_DSA-2121.nasl - Type : ACT_GATHER_INFO |
Alert History
| Date | Informations |
|---|---|
| 2014-02-17 11:29:43 |
|
