FreeBSD : typo3 -- multiple vulnerabilities (653606e9-f6ac-11dd-94d9-0030843d3802)

critical Nessus Plugin ID 35624

Synopsis

The remote FreeBSD host is missing a security-related update.

Description

Secunia reports :

Some vulnerabilities have been reported in Typo3, which can be exploited by malicious people to bypass certain security restrictions, conduct cross-site scripting and session fixation attacks, and compromise a vulnerable system.

The 'Install tool' system extension uses insufficiently random entropy sources to generate an encryption key, resulting in weak security.

The authentication library does not properly invalidate supplied session tokens, which can be exploited to hijack a user's session.

Certain unspecified input passed to the 'Indexed Search Engine' system extension is not properly sanitised before being used to invoke commands. This can be exploited to inject and execute arbitrary shell commands.

Input passed via the name and content of files to the 'Indexed Search Engine' system extension is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Certain unspecified input passed to the Workspace module is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.

Note: It is also reported that certain unspecified input passed to test scripts of the 'ADOdb' system extension is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected website.

Solution

Update the affected package.

See Also

http://www.nessus.org/u?e821d1f3

http://www.nessus.org/u?1e521964

Plugin Details

Severity: Critical

ID: 35624

File Name: freebsd_pkg_653606e9f6ac11dd94d90030843d3802.nasl

Version: 1.19

Type: local

Published: 2/9/2009

Updated: 1/6/2021

Supported Sensors: Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: Critical

Base Score: 10

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C

Vulnerability Information

CPE: p-cpe:/a:freebsd:freebsd:typo3, cpe:/o:freebsd:freebsd

Required KB Items: Host/local_checks_enabled, Host/FreeBSD/release, Host/FreeBSD/pkg_info

Exploit Available: true

Exploit Ease: Exploits are available

Patch Publication Date: 2/9/2009

Vulnerability Publication Date: 2/7/2009

Exploitable With

Core Impact

Reference Information

CVE: CVE-2009-0255, CVE-2009-0256, CVE-2009-0257, CVE-2009-0258

CWE: 20, 287, 310, 79

Secunia: 33617