scip AG

NASLDB: FreeBSD : typo3 -- Multiple vulernabilities in TYPO3 Core (48bcb4b2-e708-11e1-a59d-000d601460a4)

General

ID: 61557
Name: FreeBSD : typo3 — Multiple vulernabilities in TYPO3 Core (48bcb4b2-e708-11e1-a59d-000d601460a4)

Summary: Checks for updated packages in pkg_info output

Credits: Tenable Network Security, Inc.

Classification

Risk: –

CVSS: –
CVSS Base Vector: –
CVSS Temporal Vector: –

Port: 0
Family: FreeBSD Local Security Checks
Type: Local

Description

Typo Security Team reports :

It has been discovered that TYPO3 Core is vulnerable to Cross-Site
Scripting, Information Disclosure, Insecure Unserialize leading to
Arbitrary Code Execution.

TYPO3 Backend Help System – Due to a missing signature (HMAC) for a
parameter in the view_help.php file, an attacker could unserialize
arbitrary objects within TYPO3. We are aware of a working exploit,
which can lead to arbitrary code execution. A valid backend user login
or multiple successful cross site request forgery attacks are required
to exploit this vulnerability.

TYPO3 Backend – Failing to properly HTML-encode user input in several
places, the TYPO3 backend is susceptible to Cross-Site Scripting. A
valid backend user is required to exploit these vulnerabilities.

TYPO3 Backend – Accessing the configuration module discloses the
Encryption Key. A valid backend user with access to the configuration
module is required to exploit this vulnerability.

TYPO3 HTML Sanitizing API – By not removing several HTML5 JavaScript
events, the API method t3lib_div::RemoveXSS() fails to filter
specially crafted HTML injections, thus is susceptible to Cross-Site
Scripting. Failing to properly encode for JavaScript the API method
t3lib_div::quoteJSvalue(), it is susceptible to Cross-Site Scripting.

TYPO3 Install Tool – Failing to properly sanitize user input, the
Install Tool is susceptible to Cross-Site Scripting.

Exploiting

Exploit Available: –
Exploitability Ease: –

Sources

CVE: –
OSVDB: –
Bugtraq: –
scipID: –

Timeline

Vulnerability Disclosure: 2012/08/15
Patch Release: 2012/08/15
Plugin Release: 2012/08/16

Plugin

Version: 1.1
Filename: freebsd_pkg_48bcb4b2e70811e1a59d000d601460a4.nasl
Filesize: 5629 bytes
MD5 Hash: 339cf97f02ccd4fd8f0d8c481a5a79ed

Identification: Host/local_checks_enabled
Require Keys: Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info
Dependencies: "ssh_get_info.nasl"

Copyright: This script is© 2012 Tenable Network Security, Inc.

Letzte Plugins

• Letzte Plugins
  • USN-1611-1 : thunderbird vulnerabilities
  • USN-1610-1 : linux vulnerability
  • USN-1609-1 : linux-ti-omap4 vulnerability
  • SuSE 10 Security Update : PostgreSQL
  • RHSA-2012-1364: bind97
  • RHSA-2012-1363: bind
  • RHSA-2012-1362: thunderbird
  • RHSA-2012-1361: xulrunner
  • Mandriva Linux Security Advisory : graphicsmagick
  • FreeBSD : phpMyAdmin — Multiple XSS due to unescaped HTML output in Trigger, Procedure and Event pages and Fetching the version information from a non-SSL site is vulnerable to a MITM attack

• Archiv
• scip VulDB
• Syndication
  • RSS
  • Twitter