Package: typo3-src
Severity: critical
Tags: security

TYPO3 Security Bulletin TYPO3-SA-2009-016: Multiple vulnerabilities in TYPO3 Core

Vulnerability Types: SQL injection, Cross-site scripting (XSS), Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/session handling.

Problem Description 1: By entering malicious content into a tt_content form element, a backend user could recalculate the encryption key. This knowledge could be used to attack TYPO3 mechanisms that were protected by this key. A valid backend login is required to exploit this vulnerability.

Problem Description 2: Failing to sanitize user input, the TYPO3 backend is susceptible to XSS attacks in several places. A valid backend login is required to exploit these vulnerabilities.

Problem Description 3: By manipulating URL parameters it is possible to include arbitrary websites in the TYPO3 backend framesets. A valid backend login is required to exploit this vulnerability.

Problem Description 4: By uploading files with malicious filenames an editor could execute arbitrary shell commands on the server where the TYPO3 installation is located. A valid backend login is required to exploit this vulnerability.

Problem Description 5: Failing to sanitize URL parameters, TYPO3 is susceptible to SQL injection in the frontend editing feature (the traditional one, not feeditadvanced that will be shipped with TYPO3 4.3). A valid backend login and activated frontend editing are required to exploit this vulnerability.

Problem Description 6: The sanitizing algorithm of the API function t3lib_div::quoteJSvalue wasn't sufficient, so that an attacker could inject specially crafted HTML or JavaScript code. Since this function can be used in backend modules as well as in frontend extensions, this vulnerability could also be exploited without the need of having a valid backend login.

Problem Description 7: Failing to sanitize URL parameters, the Frontend Login Box is susceptible to XSS.

Problem Description 8: It is possible to gain access to the Install Tool by only knowing the md5 hash of the Install Tool password.

Problem Description 9: Failing to sanitize URL parameters, the Install Tool is susceptible to Cross-site scripting attacks.

For more information see the Typo3 Bulletin at:
<https://typo3.org/teams/security/security-bulletins/typo3-sa-2009-016/>

--
Best regards, Christian Welzel
GPG-Key: http://www.camlann.de/key.asc
Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15
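
Problem Description 8 is an instance of a hash-equivalent credential: when the value a client presents is compared directly with the stored hash, the hash works as the password. The sketch below is an added illustration, not TYPO3 code and not taken from the bulletin; the function names, the session array layout and the sample password are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed sample data: the password and both stored forms are made up.
$password   = 'constructed-sample-password';
$storedMd5  = md5($password);                            // weak storage form
$storedHash = password_hash($password, PASSWORD_DEFAULT); // salted, slow hash

// Weak pattern (hypothetical): the client-held value is compared with the
// stored hash, so reading the hash is as good as knowing the password.
function weakIsAuthenticated(string $clientValue, string $storedMd5): bool
{
    return $clientValue === $storedMd5;
}

// Hardened login: only the plaintext password is accepted as a credential.
// On success the session gets a fresh random token with a short lifetime.
function login(string $password, string $storedHash, array &$session): bool
{
    if (!password_verify($password, $storedHash)) {
        return false;
    }
    $session['token']   = bin2hex(random_bytes(32));
    $session['expires'] = time() + 900;
    return true;
}

// Hardened session check: the client must present the random token, which
// is unrelated to the password hash; the comparison is constant-time.
function isAuthenticated(string $clientToken, array $session): bool
{
    return isset($session['token'], $session['expires'])
        && $session['expires'] > time()
        && hash_equals($session['token'], $clientToken);
}

$session = [];
// Weak check, stored hash presented as the credential.
var_dump(weakIsAuthenticated($storedMd5, $storedMd5));
// Hardened login, stored hash presented in place of the password.
var_dump(login($storedHash, $storedHash, $session));
// Hardened login with the real password, then a check of the issued token.
var_dump(login($password, $storedHash, $session));
var_dump(isAuthenticated($session['token'], $session));
// Hardened session check, stored hash presented in place of the token.
var_dump(isAuthenticated($storedHash, $session));
```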