The Ubuntu package typo3-src-4.1 (4.1.2+debian-1ubuntu1) has these security problems.
= = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = TYPO3 Security Bulletin TYPO3-SA-2009-002: Information Disclosure & XSS in TYPO3 Core, see: http://typo3.org/teams/security/security- bulletins/typo3-sa-2009-002/ Component Type: TYPO3 Core Affected Versions: TYPO3 versions 3.3.x, 3.5.x, 3.6.x, 3.7.x, 3.8.x, 4.0 to 4.0.11, 4.1.0 to 4.1.9, 4.2.0 to 4.2.5, 4.3alpha1 Vulnerability Types: Information Disclosure, Cross-Site Scripting Overall Severity: Critical Release Date: February 10, 2009 — 9am (GMT) Vulnerable subcomponent #1: Access tracking mechanism Vulnerability Type: Information Disclosure Severity: Critical Problem Description: An Information Disclosure vulnerability in jumpUrl mechanism, used to track access on web pages and provided files, allows a remote attacker to read arbitrary files on a host. The expected value of a mandatory hash secret, intended to invalidate such requests, is exposed to remote users allowing them to bypass access control by providing the correct value. There's no authentication required to exploit this vulnerability. The vulnerability allows to read any file, the web server user account has access to. Possible Impact: This flaw is making it potentially possible for the hacker to download the contents of any file on the server, i.e. typo3conf/localconf.php, which holds both install tool password alongside database username and password. Using rainbow tables, the hacker may be able to login to your install tool and from there take over your website. Please refer to the section "Other recommendations" in order to understand some general methods of securing your TYPO3 installation. Solution: You can choose one of the solutions below: 1) Update to the TYPO3 versions 4.0.12, 4.1.10 or 4.2.6, or 2) Use this shell script (md5 sum: 0cbd0aac72e624cb3dd6673a01f85320, documentation in file) to run accross your webservers in order to replace the affected lines, or 2) Apply one of the patches linked below (fitting to the version you're using), or 3) Edit the affected file class.tslib_fe.php following the instructions below. In TYPO3 versions equal or greater than 4.0, the affected file is located in typo3/sysext/cms/tslib/class.tslib_fe.php. In TYPO3 versions lower than 4.0, the affected file is located in tslib/class.tslib_fe.php and possibly symlinked to the aforementioned location, also in typo3/sysext/cms/tslib/class.tslib_fe.php In the file, search for the line: ------------------------ } else die('jumpurl Secure: Calculated juHash, '.$calcJuHash.', did not match the submitted juHash.'); ------------------------ and replace it with: ------------------------ } else die('jumpurl Secure: Calculated juHash did not match the submitted juHash.'); ------------------------ Note: Version 3.3 and 3.5 of TYPO3 uses double-quotes, which means you have to search ".$calcJuHash." when doing manual replacing. Patches for older TYPO3 versions: (please see: http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-002/) = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = = It would be very nice to have all these security issues fixed in the packages. Maybe include a fix for this as well: https://bugs.launchpad.net/bugs/290649 -- typo3 security: several issues https://bugs.launchpad.net/bugs/327342 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
