[Other] Multiple vulnerabilities in various third-party extensions for TYPO3 - TYPO3-EXT-SA-2011-012

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Dear colleagues,

We have just received the following warning. We are forwarding this
information to you unchanged.

The vendor issues this Collective Security Bulletin (CSB) as a list of
vulnerable extensions that neither reach a significant number of
downloads nor have any other special importance within the TYPO3
community.

TYPO3-EXT-SA-2011-012 - Cross-Site Scripting and SQL Injection
vulnerabilities in TYPO3 extensions

Various TYPO3 extensions handle user input in an insecure manner. A
remote attacker can exploit these vulnerabilities to execute arbitrary
SQL commands and/or HTML and script code in the context of another
user.

The following software packages and platforms are affected:

Affected extensions:
mg_rooms
mm_hutinfo
dev_null_robots
dam_frontend
rtg_files
tgm_gallery
tgmv_gallery
np_indexed_search_stat
rzcolorbox
t3c_podcasts
winning_game
bps_ship
dhc_inflationcal
gridelements

All platforms on which the software runs.

The vendor provides revised packages.

(c) for the German summary: DFN-CERT Services GmbH; distribution, even
in part, is permitted only with reference to the author, DFN-CERT
Services GmbH, and only for non-commercial purposes.

Kind regards,
Detlev O. Matthies

-- 

Detlev O. Matthies, M.Sc. (Incident Response Team)

DFN-CERT Services GmbH, https://www.dfn-cert.de, Phone +49 40 808077-590
Registered office / register: Hamburg, AG Hamburg, HRB 88805, VAT ID: DE 232129737
Sachsenstrasse 5, 20097 Hamburg/Germany, CEO: Dr. Klaus-Peter Kossakowski

Automatic warning messages: https://www.cert.dfn.de/autowarn

TYPO3 Security Bulletin TYPO3-EXT-SA-2011-012: Several vulnerabilities in third party extensions

Release Date: September 28, 2011

Please read first: This Collective Security Bulletin (CSB) is a listing of vulnerable extensions with neither significant download numbers, nor other special importance amongst the TYPO3 Community. The intention of CSBs is to reduce the workload of the TYPO3 Security Team and of the maintainers of extensions with vulnerabilities. Nevertheless, vulnerabilities in TYPO3 core or important extensions will still get the well-known single Security Bulletin each.

Please read our buzz blog post, which has a detailed explanation on CSBs.

All vulnerabilities affect third-party extensions. These extensions are not part of the TYPO3 default installation.

Extension: mg_rooms (mg_rooms)

Affected Versions: 0.0.2 and all versions below

Vulnerability Type: SQL Injection, Cross-Site Scripting

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:U/RC:C (What’s that?)

Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The extension author failed to provide a security fix for the reported vulnerability within a reasonable amount of time. Please uninstall the extension and delete its folder from your installation.

Note: Should the author decide to reply to our request and provide a fixed version, the extension could return to the TYPO3 Extension Repository.

Credits: Credits go to Christian Seifert who discovered and reported this issue.

Extension: Hut-Manager (mm_hutinfo)

Affected Versions: 1.0.0 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:OF/RC:C (What’s that?)

Solution: An update (version 1.0.1) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/mm_hutinfo/1.0.1/.

Credits: Credits go to Security Team Member Georg Ringer who discovered and reported this issue.

Extension: dev/null robots.txt (dev_null_robots)

Affected Versions: 1.0.2 and all versions

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:OF/RC:C (What’s that?)

Solution: Update to version 1.0.2 or above. At the time of writing the version 1.2.0 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/dev_null_robots/1.2.0/.

Credits: Credits go to Security Team Member Marcus Krause who discovered and reported this issue.

Extension: DAM Frontend (dam_frontend)

Affected Versions: 0.6.5 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:OF/RC:C (What’s that?)

Solution: An update (version 0.6.6) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/dam_frontend/0.6.6/.

Credits: Credits go to Security Team Member Marcus Krause who discovered and reported this issue.

Extension: RTG Files (rtg_files)

Affected Versions: 1.5.1 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:OF/RC:C (What’s that?)

Solution: An update (version 1.5.2) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/rtg_files/1.5.2/.

Credits: Credits go to Security Team Member Sebastian Böttger who discovered and reported this issue.

Extension: TGM gallery (tgm_gallery)

Affected Versions: 0.0.2 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:OF/RC:C (What’s that?)

Solution: An update (version 0.0.3) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/tgm_gallery/0.0.3/.

Note: The extension author informed us that he is no longer maintaining this extension. The extension has been marked obsolete. If you are using it, you are encouraged to replace it with an alternative extension.

Credits: Credits go to extension author Steffen Thierock who discovered and reported this issue.

Extension: tgmv gallery (tgmv_gallery)

Affected Versions: 0.0.3 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:OF/RC:C (What’s that?)

Solution: An update (version 1.0.1) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/tgmv_gallery/0.0.4/.

Note: The extension author informed us that he is no longer maintaining this extension. The extension has been marked obsolete. If you are using it, you are encouraged to replace it with an alternative extension.

Credits: Credits go to extension author Steffen Thierock who discovered and reported this issue.

Extension: Indexed Search Statistics (np_indexed_search_stat)

Affected Versions: 0.0.5 and all versions below

Vulnerability Type: Cross-Site Scripting

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C (What’s that?)

Solution: An update (version 0.0.6) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/np_indexed_search_stat/0.0.6/.

Credits: Credits go to Laurent Cherpit who discovered and reported this issue.

Extension: jQuery Colorbox (rzcolorbox)

Affected Versions: 1.3.5 and all versions below

Vulnerability Type: Cross-Site Scripting

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C (What’s that?)

Solution: An update (version 1.4.0) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/rzcolorbox/1.4.0/.

Credits: Credits go to Chris Müller who discovered and reported this issue.

Extension: T3C Podcasts (t3c_podcasts)

Affected Versions: 1.0.3 and below

Vulnerability Type: Inclusion of Web Functionality from an Untrusted Source

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:C (What’s that?)

Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The extension author failed to provide a security fix for the reported vulnerability within a reasonable amount of time. Please uninstall the extension and delete its folder from your installation.

Note: Should the author decide to reply to our request and provide a fixed version, the extension could return to the TYPO3 Extension Repository.

Credits: Credits go to Frank Nägler who discovered and reported this issue.

Extension: winning_game (winning_game)

Affected Versions: 1.2.0 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:U/RC:C (What’s that?)

Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The author will not maintain the extension any more. Please uninstall this extension and delete all files belonging to it from your TYPO3 installation.

Credits: Credits go to Alex Kellner who discovered and reported this issue.

Extension: Frontend Shibboleth Protection (bps_ship)

Affected Versions: 1.0.0

Vulnerability Type: Authentication bypass

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:U/RC:C (What’s that?)

Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The extension author failed to provide a security fix for the reported vulnerability within a reasonable amount of time. Please uninstall the extension and delete its folder from your installation.

Note: Should the author decide to reply to our request and provide a fixed version, the extension could return to the TYPO3 Extension Repository.

Credits: Credits go to Franz G. Jahn who discovered and reported this issue.

Extension: Inflation-Calculator (dhc_inflationcal)

Affected Versions: 1.0.0

Vulnerability Type: Cross-Site Scripting

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:C (What’s that?)

Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The author will not maintain the extension any more. Please uninstall this extension and delete all files belonging to it from your TYPO3 installation.

Credits: Credits go to Security Team member Georg Ringer who discovered and reported this issue.

Extension: Gridelements (gridelements)

Affected Versions: 0.1.0 and all versions below

Vulnerability Type: Cross-Site Scripting

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:C (What’s that?)

Solution: An update (version 0.2.0) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/gridelements/0.2.0/.

Credits: Credits go to Security Team member Georg Ringer who discovered and reported this issue.
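The practical question for an administrator reading the entries above is which installed extensions fall inside an "Affected Versions" statement. The added example below (not code from the bulletin or from TYPO3) parses the three phrasings the bulletin uses ("X and all versions below", "X and below", and a bare "X" meaning that exact version) and compares installed versions numerically per component, so that "0.0.10" is correctly treated as newer than "0.0.2". The `ADVISORY` table is transcribed from this bulletin; the `INSTALLED` inventory is constructed sample data, which on a real site would be read from each extension's `ext_emconf.php` (an assumption about where the reader gets it). The dev_null_robots phrase "1.0.2 and all versions" is deliberately left out of the table: it does not match any of the three forms and the parser raises rather than guessing what it means.

```python
"""Flag installed TYPO3 extensions that fall inside an advisory's 'Affected Versions' range.

Added example, not part of the TYPO3 bulletin. ADVISORY is transcribed from the
bulletin; INSTALLED is a constructed inventory (on a real site it would be read
from typo3conf/ext/<key>/ext_emconf.php, an assumption about the data source).
"""
import re

# Extension key -> "Affected Versions" phrase exactly as printed in the bulletin.
ADVISORY = {
    "mg_rooms": "0.0.2 and all versions below",
    "mm_hutinfo": "1.0.0 and all versions below",
    "dam_frontend": "0.6.5 and all versions below",
    "t3c_podcasts": "1.0.3 and below",
    "bps_ship": "1.0.0",
    "dhc_inflationcal": "1.0.0",
    "gridelements": "0.1.0 and all versions below",
}

# Constructed sample inventory: extension key -> installed version.
INSTALLED = {
    "mm_hutinfo": "1.0.1",       # updated to the fixed release
    "dam_frontend": "0.6.5",     # exactly the last affected version
    "gridelements": "0.1.0",
    "bps_ship": "1.0.1",         # only 1.0.0 is listed as affected
    "dhc_inflationcal": "1.0.0",
    "news": "2.3.0",             # constructed key, not in the advisory
}

# "X", "X and below" or "X and all versions below"; anything else is rejected.
_PHRASE = re.compile(
    r"^(?P<top>\d+(?:\.\d+)*)(?P<below>\s+and(?:\s+all\s+versions)?\s+below)?$"
)


def version_tuple(version: str) -> tuple:
    """'0.6.5' -> (0, 6, 5); tuples compare numerically per component."""
    return tuple(int(p) for p in version.strip().split("."))


def parse_affected(phrase: str) -> tuple:
    """Return (top_version, is_range): is_range means every version <= top is affected,
    otherwise only the exact version named is affected."""
    m = _PHRASE.match(phrase.strip())
    if not m:
        raise ValueError(f"unrecognised affected-versions phrase: {phrase!r}")
    return version_tuple(m.group("top")), m.group("below") is not None


def is_affected(installed: str, phrase: str) -> bool:
    """True if the installed version is covered by the advisory phrase."""
    top, is_range = parse_affected(phrase)
    v = version_tuple(installed)
    return v <= top if is_range else v == top


def affected_extensions(installed: dict, advisory: dict) -> list:
    """Sorted keys of installed extensions whose version the advisory covers."""
    return sorted(
        key for key, ver in installed.items()
        if key in advisory and is_affected(ver, advisory[key])
    )


if __name__ == "__main__":
    for key in affected_extensions(INSTALLED, ADVISORY):
        print(f"{key} {INSTALLED[key]} is affected ({ADVISORY[key]})")
```

Note that for the entries whose solution is "uninstall and delete", a match means removal rather than an update, and that an extension not present in the repository any more will not show up as updatable in the extension manager; the inventory check above is what catches it.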

General advice: Follow the recommendations that are given in the TYPO3 Security Cookbook. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)

iQEcBAEBAgAGBQJOixwnAAoJEJtyb8U7iGZBkTwIAKI2rJgfeJABox1DgTkMEduF
SMK1s9KqlL4mT5GFJo4Z8vAxDzxyVu1EeBqG5BBplyhO52g7m6uyHHNTaYX2tWNP
puikx/DIQcUPtKKL9uN4+KxZpxTDlMZqcpZtUaJzGLoUGl//wGs0ACDweJCiAn/X
D69F/bPiHnJMPiYlm/sdbn+5IpdyfH41S3yEUS6V8RBEo8xc9cHHKU3Jz2MerKUZ
zZ05aywLv50JOjOq1yJwHv09D0qKcFGu+PS4l2vx0ymkCX6UemuN5ckgxvyzR02T
QVEY/ayWyQN9ltr+46iigYSlF58qT63Fz0JOjridCe1Orva6etEBCkE9Z683JUE=
=24SF
-----END PGP SIGNATURE-----
