[TYPO3-UG Russia] Fwd: [TYPO3-announce] TYPO3 Security Bulletin TYPO3-20080416-1: Multiple vulnerabilities in extension de_phpot

Michael Shigorin mike at osdn.org.ua
Wed Apr 16 09:28:52 CEST 2008 

----- Forwarded message from Henning Pingel <henning/typo3.org> -----

Date: Wed, 16 Apr 2008 08:00:21 +0200
From: Henning Pingel <henning/typo3.org>
To: typo3-announce/lists.netfielders.de
Subject: [TYPO3-announce] TYPO3 Security Bulletin TYPO3-20080416-1: Multiple vulnerabilities in extension de_phpot

Dear users of TYPO3,

It has been discovered that the extension de_phpot is vulnerable to
multiple SQL Injection flaws and other types of security issues.

==== Component Type ====
Third party extension. This extension is not part of the TYPO3 default
installation.

==== Affected Versions ====
All versions

==== Vulnerability Type ====
SQL Injection, Information Disclosure, Denial of Service

==== Severity ====
HIGH

==== Problem Description ====
The extension fails to properly sanitize several HTTP GET, POST and
COOKIE variables, also user permission and authentication checks can
partly be bypassed. As a consequence, it is possible to inject arbitrary
SQL code into different query strings. It is also possible to gain
access to information provided by the extension without being a
legitimate backend user. Besides that, it is possible to cause PHP to be
stuck in an infinite loop. This could be abused for denial of service
attacks.

==== Solution ====
The author of the extension has been contacted but never replied.
Therefore the extension was permanently removed from TER. Please disable
the extension AND delete it from your TYPO3 installations.

==== Additional information ====
Besides de_phpot, the extension de_phpot_webbug has also been removed
from TER. de_phpot_webbug extends de_phpot and can't be used as a stand
alone extension.

==== General advice ====
Follow the recommendations that are given in the TYPO3 Security Cookbook
[1]. Check the TYPO3 security bulletin page frequently for updates [2].
This bulletin TYPO3-20080416-1 is available at [3].

==== Credits ====
The issues were found by the TYPO3 Security Team member Henning Pingel.

Regards,
Henning Pingel
henning/typo3.org

[1]
<http://typo3.org/fileadmin/security-team/typo3_security_cookbook_v-0.5.pdf>
[2] <http://typo3.org/teams/security/security-bulletins/>
[3] <http://typo3.org/teams/security/security-bulletins/typo3-20080416-1/>





_______________________________________________
TYPO3-announce mailing list
TYPO3-announce/lists.netfielders.de
http://lists.netfielders.de/cgi-bin/mailman/listinfo/typo3-announce

----- End forwarded message -----

-- 
 ---- WBR, Michael Shigorin <mike at altlinux.ru>
  ------ Linux.Kiev http://www.linux.kiev.ua/

More information about the TYPO3-russia mailing list