List:       oss-security
Subject:    [oss-security] Re: [Ticket#2012111110000015] TYPO3-CORE-SA-2012-005: Several Vul
From:       TYPO3 Security Team <security () typo3 ! org>
Date:       2013-06-16 11:46:05
Message-ID: 1371383165.202789.564052523.2922.14 () securityteam ! typo3 ! org

Dear Kurt Seifried,

Thank you for your request.

I'm a bit embarrassed about our response time :(

Very sorry for that. Things will vastly improve in the near future!

12/10/2012 22:40 - Kurt Seifried wrote:

> Can the Typo3 security team please confirm the following:
> 
> > Component Type: TYPO3 Core
> > Affected Versions: 4.5.0 up to 4.5.20, 4.6.0 up to 4.6.13, 4.7.0 up
> > to 4.7.5 and development releases of the 6.0 branch.
> > Vulnerability Types: SQL Injection, Cross-Site Scripting,
> > Information Disclosure
> 
> so no CVE's needed for this, this is simply a summary of the below issues?

True!

> > Vulnerable subcomponent: TYPO3 Backend History Module
> > Vulnerability Type: SQL Injection, Cross-Site Scripting
> > Solution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6 that
> > fix the problem described!
> > Credits: Credits go to Thomas Worm who discovered and reported the
> > issue.
> 
> Did he discover both the SQL Injection and the Cross-Site Scripting
> issues? 

No, he only discovered the XSS. We discovered the SQLi while fixing the XSS.

> Can you provide a link to the specific code fixes?

Here it is.
https://review.typo3.org/16304

> so 2 cve's needed correct?

Yes.

> > Vulnerable subcomponent: TYPO3 Backend History Module
> > Vulnerability Type: Information Disclosure
> > Solution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6 that fix
> > the problem described!
> > Credits: Credits go to Core Team Member Oliver Hader who discovered
> > and fixed the issue.
> 
> so one cve needed here? Can you provide a link to the specific code fixes?

Yes.

It's also fixed in the same change:
https://review.typo3.org/16304

> > Vulnerable subcomponent: TYPO3 Backend API
> > Vulnerability Type: Cross-Site Scripting
> > Solution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6 that
> > fix the problem described!
> > Credits: Credits go to Johannes Feustel who discovered and reported
> > the issue.
> 
> so one cve needed here? Can you provide a link to the specific code fixes?

Yes: https://review.typo3.org/16305

> > Vulnerability Type: Cross-Site Scripting
> > Solution: Update to the TYPO3 version 4.5.21, 4.6.14 or 4.7.6 that
> > fix the problem described!
> > Credits: Credits go to Richard Brain who discovered and reported the
> > issue.
> 
> so one cve needed here? Can you provide a link to the specific code fixes?

Yes: https://review.typo3.org/16300


Regards,

Helmut Hummel
Member of the TYPO3 Security Team

--
TYPO3 Security Team homepage: http://typo3.org/teams/security/

E-Mail: security@typo3.org

Please note: When replying to this e-mail, please leave the header intact.