Upgrade TYPO3 to a new version because of security issues
Several security issues in the TYPO3 core make it necessary to upgrade your current installation in order to keep its security guaranteed.
Below you will find a summary of the security team's announcement and the advice to upgrade your installation(s) to the latest versions 4.1.13, 4.2.10 or 4.3beta2.
Component Type: TYPO3 Core
Affected Versions: TYPO3 versions 4.0.13 and below, 4.1.12 and below, 4.2.9 and below, 4.3.0beta1 and below
Vulnerability Types: SQL injection, Cross-site scripting (XSS), Information disclosure, Frame hijacking, Remote shell command execution and Insecure Install Tool authentication/session handling.
Overall Severity: High
Release Date: October 22, 2009
Vulnerable subcomponent #1: Backend
Vulnerability Type: Information disclosure
Severity: High
Problem Description: By entering malicious content into a tt_content form element, a backend user could recover the encryption key. Knowledge of this key could be used to attack TYPO3 mechanisms that are protected by it. A valid backend login is required to exploit this vulnerability.
Solution: Update to the TYPO3 versions 4.1.13, 4.2.10 or 4.3beta2 that fix the problem described.
Credits: Credits go to Stefan Schuler who discovered and reported the issue.
Vulnerability Type: Cross-site scripting
Severity: Medium
Problem Description: Failing to sanitize URL parameters, the TYPO3 backend is susceptible to XSS attacks in several places. A valid backend login is required to exploit these vulnerabilities.
Solution: Update to the TYPO3 versions 4.1.13, 4.2.10 or 4.3beta2 that fix the problem described.
Credits: Credits go to Stefan Esser, Marcus Krause and Jelmer de Hen, who discovered and reported the issues.
Vulnerability Type: Frame hijacking
Severity: Medium
Problem Description: By manipulating URL parameters it is possible to include arbitrary websites in the TYPO3 backend framesets. A valid backend login is required to exploit this vulnerability.
Solution: Update to the TYPO3 versions 4.1.13, 4.2.10 or 4.3beta2 that fix the problem described.
Credits: Credits go to Jelmer de Hen who discovered and reported the issue.
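The frame hijacking entry above comes down to a URL parameter being used as the src of a backend frame without checking that it stays inside the backend. The following is an added example (not TYPO3's own code) of the validation a practitioner would put in front of such a parameter; the parameter values, the fallback page name "index.php" and the backend layout are assumptions constructed for the demonstration. Beyond the plain "http://" case the check also rejects protocol-relative URLs ("//evil"), the backslash variant browsers treat the same way ("/\evil"), non-HTTP schemes such as javascript: and data:, control characters that some browsers strip before parsing, and path traversal out of the backend directory.

```python
from urllib.parse import urlsplit

# Constructed sample values of a hypothetical frame-target parameter.
SAMPLE_TARGETS = [
    "mod.php?id=3",                 # legitimate: relative path inside the backend
    "http://evil.example/",         # absolute URL to a foreign origin
    "//evil.example/",              # protocol-relative, inherits http(s) from the page
    "/\\evil.example/",             # browsers normalise the backslash to '/'
    "javascript:alert(1)",          # script scheme
    "../typo3conf/localconf.php",   # climbs out of the backend directory
    "\t//evil.example/",            # leading tab: stripped by browsers, so not a path
]


def is_safe_frame_target(target: str) -> bool:
    """Accept only a relative path that stays inside the application directory.
    Everything that could point the frame at another origin or scheme is refused."""
    if not target or target != target.strip():
        return False                                   # empty, or leading/trailing whitespace
    if any(ord(c) < 0x20 or c == "\x7f" for c in target):
        return False                                   # control characters
    candidate = target.replace("\\", "/")              # treat '/\evil' like '//evil'
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        return False                                   # http://, //host, javascript:, data:, ...
    if candidate.startswith("/"):
        return False                                   # keep it relative to the backend directory
    if ".." in candidate.split("/"):
        return False                                   # no path traversal
    return True


def frame_src(target: str, default: str = "index.php") -> str:
    """What would be written into the frame's src attribute: the validated
    target, or a fixed local page when validation fails. 'index.php' is a
    placeholder for whatever the frameset normally loads."""
    return target if is_safe_frame_target(target) else default


if __name__ == "__main__":
    for t in SAMPLE_TARGETS:
        print(f"{t!r:35} -> {frame_src(t)}")
```

The rejection happens on the server before the frameset is emitted; an allow-list of known backend scripts would be stricter still, but the checks above already remove every way of loading a foreign page into the frame that the entry describes.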
Vulnerability Type: Remote shell command execution
Severity: Medium/High
Problem Description: By uploading files with malicious filenames, an editor could execute arbitrary shell commands on the server where the TYPO3 installation is located. A valid backend login is required to exploit this vulnerability.
Note: This problem does not occur in a standard TYPO3 installation if editors can only upload files to fileadmin through the filelist module, because filenames are sanitized directly after upload. However, if you use third-party extensions such as DAM, or your editors are allowed to upload files by other means, e.g. via FTP (the latter is strongly discouraged), your system is affected by this vulnerability.
Solution: Update to the TYPO3 versions 4.1.13, 4.2.10 or 4.3beta2 that fix the problem described.
Credits: Credits go to Christian Welzel who discovered and reported the issue.
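The note above makes the two halves of this bug explicit: a filename that reaches the server unsanitized, and a server-side command line built by pasting that filename into a shell string. The following is an added example (not TYPO3's code) showing both halves and both fixes. The allow-list sanitizer mirrors the kind of cleaning the note says the filelist module applies after upload; "ls -l" stands in for the image-processing tool a real installation would run on an uploaded file, and the fileadmin/ path and the malicious filename are constructed for the demonstration. The injected command is a harmless echo so the block can be run as-is.

```python
import re
import subprocess

# Constructed for this example: a filename an attacker-controlled editor might
# choose. Once pasted into a command line, ';' ends the intended command,
# 'echo INJECTED' runs, and '#' comments out the remainder of the line.
MALICIOUS_NAME = "x;echo INJECTED;#.jpg"


def clean_filename(name: str) -> str:
    """Allow-list sanitizer of the kind applied to uploads: drop any directory
    part, replace every character outside [A-Za-z0-9._-] with '_', and strip
    leading dots so neither hidden files nor '..' survive."""
    base = name.replace("\\", "/").split("/")[-1]
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base)
    base = base.lstrip(".")
    return base or "unnamed"


def vulnerable_command(filename: str) -> str:
    """The bug: a single shell command string built by concatenation.
    'ls -l' stands in for the tool a real site would run on the file."""
    return f"ls -l fileadmin/{filename}"


def safe_argv(filename: str) -> list:
    """The fix on the execution side: an argument vector that never passes
    through a shell, so metacharacters remain literal bytes of the filename."""
    return ["ls", "-l", f"fileadmin/{filename}"]


def run_vulnerable(filename: str) -> str:
    """Runs the concatenated string through /bin/sh and returns its stdout.
    The 'ls' itself fails (the file does not exist); what matters is whether
    the injected echo executes."""
    proc = subprocess.run(vulnerable_command(filename), shell=True,
                          capture_output=True, text=True)
    return proc.stdout


def run_safe(filename: str) -> str:
    """Runs the argv form without a shell and returns its stdout."""
    proc = subprocess.run(safe_argv(filename), capture_output=True, text=True)
    return proc.stdout


if __name__ == "__main__":
    print("shell string, raw name:      ", repr(run_vulnerable(MALICIOUS_NAME)))
    print("argv, raw name:              ", repr(run_safe(MALICIOUS_NAME)))
    print("shell string, sanitized name:", clean_filename(MALICIOUS_NAME),
          repr(run_vulnerable(clean_filename(MALICIOUS_NAME))))
```

Only the first run prints INJECTED. Sanitizing on upload and never building shell strings are independent defences; the note's point is that when a third-party extension or an FTP upload bypasses the first, the second is all that is left, and in the affected versions it was missing.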
Vulnerable subcomponent #2: Frontend Editing
Vulnerability Type: SQL injection
Severity: High
Problem Description: Failing to sanitize URL parameters, TYPO3 is susceptible to SQL injection in the frontend editing feature (the traditional one, not feeditadvanced, which will be shipped with TYPO3 4.3). A valid backend login and enabled frontend editing are required to exploit this vulnerability.
Solution: Update to the TYPO3 versions 4.1.13, 4.2.10 or 4.3beta2 that fix the problem described.
Credits: Credits go to Christian Weiske who discovered and reported the issue.
Vulnerable subcomponent #3: API function t3lib_div::quoteJSvalue
Vulnerability Type: Cross-site scripting
Severity: Medium/High
Problem Description: The sanitizing algorithm of the API function t3lib_div::quoteJSvalue was not sufficient, so an attacker could inject specially crafted HTML or JavaScript code. Since this function can be used in backend modules as well as in frontend extensions, this vulnerability could also be exploited without a valid backend login.
Solution: Update to the TYPO3 versions 4.1.13, 4.2.10 or 4.3beta2 that fix the problem described.
Credits: Credits go to Andreas Schnapp and Sebastian Spooren who discovered and reported the issue.
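The advisory does not say which characters quoteJSvalue missed, and the example below does not claim to reproduce TYPO3's routine. It is an added illustration, written in Python rather than PHP so it can be run stand-alone, of why an escaping function for JavaScript string values is "not sufficient" when it only handles the characters that end a JS string literal: the HTML parser runs before the JavaScript parser, so a value that is safe inside a bare script block can still close the script element early ("</script>") or, inside an onclick attribute, smuggle a quote as an HTML entity that the browser decodes before the script is parsed. The two payloads and the two embedding contexts are constructed for the demonstration; the hardened variant hex-escapes every non-alphanumeric character, the approach generally recommended for this context.

```python
import html

# Constructed payloads for this example.
PAYLOAD_SCRIPT = "</script><script>alert(1)</script>"   # aimed at a <script> block
PAYLOAD_ATTR = "&#39;);alert(1);//"                      # aimed at an onclick="..." attribute


def naive_quote_js_value(value: str) -> str:
    """Escapes only what terminates a JavaScript string literal. It looks
    sufficient in isolation but ignores the HTML parser that runs first."""
    value = value.replace("\\", "\\\\").replace("'", "\\'").replace('"', '\\"')
    return value.replace("\r", "\\r").replace("\n", "\\n")


def hardened_quote_js_value(value: str) -> str:
    """Hex-escapes every character outside [A-Za-z0-9]: the \\xHH form below
    U+0100 and \\uHHHH above it (which also neutralises the U+2028/U+2029 line
    terminators). The output contains nothing that the HTML, attribute or
    script parsers act on, so it is safe in every embedding context."""
    out = []
    for ch in value:
        cp = ord(ch)
        if ch.isascii() and ch.isalnum():
            out.append(ch)
        elif cp < 0x100:
            out.append(f"\\x{cp:02x}")
        else:
            out.append(f"\\u{cp:04x}")
    return "".join(out)


def breaks_out_of_script(quoted: str) -> bool:
    """The HTML parser ends a <script> element at the first '</script',
    however the JavaScript inside quotes it."""
    return "</script" in quoted.lower()


def js_string_ends_early(quoted: str, attr_context: bool) -> bool:
    """Simulates what the JavaScript parser sees inside '...' after the HTML
    layer has done its work: in an attribute value, entities are decoded
    first. Returns True if an unescaped single quote ends the literal early."""
    text = html.unescape(quoted) if attr_context else quoted
    i = 0
    while i < len(text):
        if text[i] == "\\":
            i += 2              # backslash escape: skip the escaped character
            continue
        if text[i] == "'":
            return True
        i += 1
    return False


if __name__ == "__main__":
    for label, fn in (("naive", naive_quote_js_value), ("hardened", hardened_quote_js_value)):
        print(label, "script block broken:", breaks_out_of_script(fn(PAYLOAD_SCRIPT)),
              "| attribute string broken:", js_string_ends_early(fn(PAYLOAD_ATTR), True))
```

Note how the attribute payload is harmless in a plain script block but fatal in onclick: the same function is called from both backend modules and frontend extensions, so an escaping routine for this API has to be correct for the strictest context rather than the one its author had in mind.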
Vulnerable subcomponent #4: Frontend Login Box (felogin)
Vulnerability Type: Cross-site scripting
Severity: Medium
Problem Description: Failing to sanitize URL parameters, the Frontend Login Box is susceptible to XSS.
Solution: This problem only exists in TYPO3 versions 4.2.0 - 4.2.6 and was already fixed for version 4.2.7 while fixing a non security related issue.
Credits: Credits go to Chris John Riley who discovered and reported the issue and to Stefan Lang who discovered and reported the related issue.
Vulnerable subcomponent #5: Install Tool
Vulnerability Type: Insecure Authentication and Session Handling
Severity: High
Problem Description: It is possible to gain access to the Install Tool by only knowing the md5 hash of the Install Tool password.
Solution: Update to the TYPO3 versions 4.1.13, 4.2.10 or 4.3beta2 that fix the problem described.
Credits: Credits go to Bernhard Kraft who discovered and reported the issue.
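An Install Tool that can be entered with nothing more than the md5 of its password has turned the hash into a password equivalent: whoever can read it (from a configuration file, a backup, or one of the information disclosure bugs above) can log in without ever learning the password. The advisory does not describe how TYPO3's check or session handling worked, so the following is an added, generic illustration rather than TYPO3's code. It puts the two anti-patterns (comparing a client-supplied value against the stored hash, and using the hash itself as the session credential) beside a hardened shape in which the server hashes the plaintext it receives, compares in constant time, and issues a random session token unrelated to the credential. The password and hash are constructed for the example; md5 is kept only to match the stored value the advisory mentions, and a real system would store a salted, slow password hash instead.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Optional

# Constructed for this example: the stored credential is the unsalted md5 of
# the Install Tool password, as an older configuration file might hold it.
PASSWORD = "correct horse battery staple"
STORED_HASH = hashlib.md5(PASSWORD.encode()).hexdigest()


def vulnerable_login(submitted: str) -> bool:
    """Anti-pattern 1: the client sends a hash (e.g. computed by a login form)
    and the server compares it to the stored hash. Reading the hash is then
    exactly as good as knowing the password."""
    return submitted == STORED_HASH


def vulnerable_session_credential() -> str:
    """Anti-pattern 2: authenticated requests are 'proven' by presenting the
    hash itself, so every request re-exposes the password equivalent."""
    return STORED_HASH


class InstallToolAuth:
    """Hardened shape: hash server-side, compare in constant time, and hand
    out an unguessable session token that cannot be derived from the
    credential and can be revoked independently of it."""

    def __init__(self, stored_hash: str) -> None:
        self.stored_hash = stored_hash
        self.sessions: Dict[str, bool] = {}

    def login(self, password: str) -> Optional[str]:
        """Returns a session token on success, None otherwise. Submitting the
        stored hash as the 'password' fails, because it gets hashed again."""
        digest = hashlib.md5(password.encode()).hexdigest()
        if not hmac.compare_digest(digest, self.stored_hash):
            return None
        token = secrets.token_urlsafe(32)   # 256 random bits, unrelated to the password
        self.sessions[token] = True
        return token

    def is_authenticated(self, token: str) -> bool:
        return token in self.sessions

    def logout(self, token: str) -> None:
        """Disabling the tool after maintenance should also drop its sessions."""
        self.sessions.pop(token, None)


if __name__ == "__main__":
    print("hash alone accepted by vulnerable check:", vulnerable_login(STORED_HASH))
    auth = InstallToolAuth(STORED_HASH)
    print("hash alone accepted by hardened check:  ", auth.login(STORED_HASH) is not None)
    print("password accepted by hardened check:    ", auth.login(PASSWORD) is not None)
```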
Vulnerability Type: Cross-site scripting
Severity: Medium
Problem Description: Failing to sanitize URL parameters, the Install Tool is susceptible to Cross-site scripting attacks.
Solution: Update to the TYPO3 versions 4.1.13, 4.2.10 or 4.3beta2 that fix the problem described.
Credits: Credits go to Chris John Riley and Susanne Moog who discovered and reported the issue.
General Advice: The Install Tool is not meant to be enabled in production environments, which is already clearly stated in several places in the TYPO3 backend and in the Install Tool itself. Please respect these warnings and use the feature available in TYPO3 versions 4.2.8 and above to enable the Install Tool only for maintenance and disable it again immediately afterwards.
If you have a TYPO3 Service Agreement with alterNET, this upgrade will be carried out automatically. If you do not have a TYPO3 Service Agreement, or are unsure whether you do, please contact us as soon as possible on 078 635 1200 or at support@alternet.nl.