[TYPO3-UG Dutch] FYI: TYPO3 Security Bulletin TYPO3-20070124-1: Tip-a-friend - Header injection

Ric van Westhreenen|alterNET Internet BV ric at alternet.nl
Wed Jan 24 14:06:05 CET 2007


For those who use the Tip-a-friend extension:

A problem has been discovered in the extension tipafriend, which allows
attackers to send arbitrary mail headers and similar, which can lead to
misuse of the extension.

==== Component Type ====
Third party extension. The extension is not part of the TYPO3 default
installation.

==== Affected Versions ====
1.2.2 and earlier

==== Vulnerability Type ====
Header Injection

==== Severity ====
HIGH

==== Solution ====
An updated version 1.2.3 is available in the extension repository and at
http://typo3.org/extensions/repository/view/tipafriend/1.2.3/

==== General advice ====
Follow the recommendations that are given in the TYPO3 Security Cookbook.

==== Credits ====
Thanks to security team members Thorsten Kahler and Andreas Otto, who
discovered the issue and provided a fix when reporting it to the
security team.

Source: TYPO3 security team.
--

Kind regards,

drs Ric van Westhreenen

alterNET Internet BV
TYPO3 | Online Marketing | Domain strategy

Archimedesstraat 2
3316 AB Dordrecht

T. 078 635 1200
Skype: roodlicht <callto://roodlicht/>
F. 084 834 9697
M. 064 808 6196
W. www.alternet.nl <http://www.alternet.nl/>
Chamber of Commerce (KvK) no.: 23092865