Debian 4.0 DSA-1720-1 Moderate: TYPO3 Remote Access Issues
debian
February 10, 2009
Several remote vulnerabilities have been discovered in the TYPO3 web content management framework
Summary
Several remote vulnerabilities have been discovered in the TYPO3 web
content management framework.
Marcus Krause and Michael Stucki from the TYPO3 security team
discovered that the jumpUrl mechanism discloses secret hashes enabling
a remote attacker to bypass access control by submitting the correct
value as a URL parameter and thus being able to read the content of
arbitrary files.
Jelmer de Hen and Dmitry Dulepov discovered multiple cross-site
scripting vulnerabilities in the backend user interface allowing
remote attackers to inject arbitrary web script or HTML.
As it is very likely that your encryption key has been exposed we
strongly recommend to change your encyption key via the install tool
after installing the update.
For the stable distribution (etch) these problems have been fixed in
version 4.0.2+debian-8.
For the testing distribution (lenny) these problems have been fixed in
version 4.2.5-1+lenny1.
For the unstable distribution (sid) these problems have been fixed in
version 4.2.6-1.
We re...
PREVIOUS
NEXT
Package: typo3-src
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Related News
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!