[TYPO3-UG Russia] Fwd: [TYPO3-announce] TYPO3 Security Bulletin TYPO3-20070124-1: Tip-a-friend - Header injection
Michael Shigorin
mike at osdn.org.ua
Thu Jan 25 13:37:58 CET 2007
FYI
----- Forwarded message from Lars Houmark <lars/houmark.com> -----
Date: Wed, 24 Jan 2007 13:50:50 +0100
From: Lars Houmark <lars/houmark.com>
To: <typo3-announce/lists.netfielders.de>
Subject: [TYPO3-announce] TYPO3 Security Bulletin TYPO3-20070124-1: Tip-a-friend - Header injection
Dear users of TYPO3,
A problem has been discovered in the extension tipafriend, which allows
attackers to send arbitrary mail headers and similar, which can lead to
misuse of the extension.
==== Component Type ====
Third party extension. The extension is not part of the TYPO3 default
installation.
==== Affected Versions ====
1.2.2 and earlier
==== Vulnerability Type ====
Header Injection
==== Severity ====
HIGH
==== Solution ====
An updated version 1.2.3 is available in the extension repository and at
http://typo3.org/extensions/repository/view/tipafriend/1.2.3/
==== General advice ====
Follow the recommendations that are given in the TYPO3 Security Cookbook.
==== Credits ====
Thanks to security team members Thorsten Kahler and Andreas Otto, who
discovered the issue and provided a fix when reporting it to the security
team.
Regards,
TYPO3 Security Team
Lars Houmark
_______________________________________________
TYPO3-announce mailing list
TYPO3-announce/lists.netfielders.de
http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce
----- End forwarded message -----
--
---- WBR, Michael Shigorin <mike at altlinux.ru>
------ Linux.Kiev http://www.linux.kiev.ua/