FreeBSD : typo3 -- multiple vulnerabilities (653606e9-f6ac-11dd-94d9-0030843d3802)

This script is Copyright (C) 2009-2016 Tenable Network Security, Inc.


Synopsis :

The remote FreeBSD host is missing a security-related update.

Description :

Secunia reports :

Some vulnerabilities have been reported in Typo3, which can be
exploited by malicious people to bypass certain security restrictions,
conduct cross-site scripting and session fixation attacks, and
compromise a vulnerable system.

The 'Install tool' system extension uses insufficiently random entropy
sources to generate an encryption key, resulting in weak security.

The authentication library does not properly invalidate supplied
session tokens, which can be exploited to hijack a user's session.

Certain unspecified input passed to the 'Indexed Search Engine' system
extension is not properly sanitised before being used to invoke
commands. This can be exploited to inject and execute arbitrary shell
commands.

Input passed via the name and content of files to the 'Indexed Search
Engine' system extension is not properly sanitised before being
returned to the user. This can be exploited to execute arbitrary HTML
and script code in a user's browser session in context of an affected
site.

Certain unspecified input passed to the Workspace module is not
properly sanitised before being returned to the user. This can be
exploited to execute arbitrary HTML and script code in a user's
browser session in context of an affected site.

Note: It is also reported that certain unspecified input passed to
test scripts of the 'ADOdb' system extension is not properly sanitised
before being returned to the user. This can be exploited to execute
arbitrary HTML and script code in a user's browser session in context
of an affected website.

See also :

http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/
http://www.nessus.org/u?f42d0b0e

Solution :

Update the affected package.

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)
Public Exploit Available : true

Family: FreeBSD Local Security Checks

Nessus Plugin ID: 35624 (freebsd_pkg_653606e9f6ac11dd94d90030843d3802.nasl)

Bugtraq ID:

CVE ID: CVE-2009-0255
CVE-2009-0256
CVE-2009-0257
CVE-2009-0258

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now