Package: typo3-src
Severity: critical
Tags: security

Component Type: TYPO3 Core
Affected Versions: 4.5.0 up to 4.5.8, 4.6.0 and 4.6.1
Vulnerability Types: Remote Code Execution
Overall Severity: Critical

Vulnerable subcomponent: TYPO3 workspaces
Vulnerability Type: Remote Code Execution
Severity: Critical
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:C/I:C/A:C/E:F/RL:OF/RC:C

Problem Description: A PHP file which is part of the workspaces system extension does not validate passed arguments.

You are only vulnerable if all of the following conditions are met:

1. You are using TYPO3 version 4.5.0 up to 4.5.8, 4.6.0 or 4.6.1.
2. You have all of the following PHP configuration variables set to "on": register_globals ("off" by default, advised to be "off" in the TYPO3 Security Guide), allow_url_include ("off" by default) and allow_url_fopen ("on" by default).

If you are using the Suhosin PHP extension you are only vulnerable if you have additionally put URL schemes in the configuration variable "suhosin.executor.include.whitelist".

The workspaces system extension does not need to be activated for this vulnerability to exist.

Possible Impact: A crafted request to a vulnerable TYPO3 installation will allow an attacker to load PHP code from an external source and to execute it on the TYPO3 installation.

-- 
Best regards,
Christian Welzel

GPG-Key: http://www.camlann.de/de/pgpkey.html
Fingerprint: 4F50 19BF 3346 36A6 CFA9 DBDC C268 6D24 70A1 AD15
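The conditions above are conjunctive: a host is exposed only if the version, all three ini directives and (where present) the Suhosin whitelist line up. The following preflight check is an added example, not part of this report or of the TYPO3 project; the version string is assumed to be supplied by the operator (for example copied from the installation), and the ini names and ranges are exactly those listed above.

```php
<?php
// Added preflight check (not from the advisory or TYPO3): does this host meet
// every precondition the advisory lists? Run with the installed TYPO3 version.

function typo3VersionAffected(string $version): bool
{
    // Affected per the advisory: 4.5.0 up to 4.5.8, plus 4.6.0 and 4.6.1.
    return (version_compare($version, '4.5.0', '>=') && version_compare($version, '4.5.8', '<='))
        || in_array($version, ['4.6.0', '4.6.1'], true);
}

function iniIsOn(string $directive): bool
{
    // ini_get() returns false for directives this PHP build does not know
    // (register_globals was removed in PHP 5.4), which counts as "off" here.
    $value = ini_get($directive);
    return $value !== false && filter_var($value, FILTER_VALIDATE_BOOLEAN);
}

function suhosinAllowsUrlIncludes(): bool
{
    // Without Suhosin there is no extra barrier; with it, URL includes only
    // work when a scheme has been put into the whitelist the advisory names.
    if (!extension_loaded('suhosin')) {
        return true;
    }
    return trim((string) ini_get('suhosin.executor.include.whitelist')) !== '';
}

function assessHost(string $typo3Version): array
{
    $checks = [
        'affected TYPO3 version'       => typo3VersionAffected($typo3Version),
        'register_globals = on'        => iniIsOn('register_globals'),
        'allow_url_include = on'       => iniIsOn('allow_url_include'),
        'allow_url_fopen = on'         => iniIsOn('allow_url_fopen'),
        'Suhosin permits URL includes' => suhosinAllowsUrlIncludes(),
    ];
    // All conditions must hold; one "no" means this host is not exposed to this issue.
    return ['checks' => $checks, 'exposed' => !in_array(false, $checks, true)];
}

// Version is an assumed operator-supplied argument; defaults to a constructed sample.
$result = assessHost($argv[1] ?? '4.5.8');
foreach ($result['checks'] as $name => $ok) {
    printf("%-30s %s\n", $name, $ok ? 'yes' : 'no');
}
echo $result['exposed']
    ? "All preconditions met: upgrade TYPO3 and set the directives above to off.\n"
    : "Not exposed to this issue on this host (the upgrade is still advised).\n";
```

Run it from the CLI on the web server itself (php check.php 4.5.8) so that ini_get() reflects the same php.ini the TYPO3 installation uses; values seen from a different SAPI may differ.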