Debian DSA-2646-1 : typo3-src - several vulnerabilities

2013-03-1700:00:00

www.tenable.com

JSON

TYPO3, a PHP-based content management system, was found vulnerable to several vulnerabilities.

CVE-2013-1842 Helmut Hummel and Markus Opahle discovered that the Extbase database layer was not correctly sanitizing user input when using the Query object model. This can lead to SQL injection by a malicious user inputing crafted relation values.
CVE-2013-1843 Missing user input validation in the access tracking mechanism could lead to arbitrary URL redirection.

Note: the fix will break already published links. Upstream advisory TYPO3-CORE-SA-2013-001 has more information on how to mitigate that.

#%NASL_MIN_LEVEL 70300
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were  
# extracted from Debian Security Advisory DSA-2646. The text 
# itself is copyright (C) Software in the Public Interest, Inc.
#

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(65584);
  script_version("1.10");
  script_set_attribute(attribute:"plugin_modification_date", value:"2021/01/11");

  script_cve_id("CVE-2013-1842", "CVE-2013-1843");
  script_bugtraq_id(58330);
  script_xref(name:"DSA", value:"2646");

  script_name(english:"Debian DSA-2646-1 : typo3-src - several vulnerabilities");
  script_summary(english:"Checks dpkg output for the updated package");

  script_set_attribute(
    attribute:"synopsis", 
    value:"The remote Debian host is missing a security-related update."
  );
  script_set_attribute(
    attribute:"description", 
    value:
"TYPO3, a PHP-based content management system, was found vulnerable to
several vulnerabilities.

  - CVE-2013-1842
    Helmut Hummel and Markus Opahle discovered that the
    Extbase database layer was not correctly sanitizing user
    input when using the Query object model. This can lead
    to SQL injection by a malicious user inputing crafted
    relation values.

  - CVE-2013-1843
    Missing user input validation in the access tracking
    mechanism could lead to arbitrary URL redirection.

      Note: the fix will break already published links. Upstream
      advisory TYPO3-CORE-SA-2013-001 has more information on how to
      mitigate that."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702574"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1842"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security-tracker.debian.org/tracker/CVE-2013-1843"
  );
  # http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2013-001/
  script_set_attribute(
    attribute:"see_also",
    value:"http://www.nessus.org/u?6092781d"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://packages.debian.org/source/squeeze/typo3-src"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://www.debian.org/security/2013/dsa-2646"
  );
  script_set_attribute(
    attribute:"solution", 
    value:
"Upgrade the typo3-src packages.

For the stable distribution (squeeze), these problems have been fixed
in version 4.3.9+dfsg1-1+squeeze8."
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:typo3-src");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

  script_set_attribute(attribute:"patch_publication_date", value:"2013/03/15");
  script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/17");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2013-2021 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Debian Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

  exit(0);
}


include("audit.inc");
include("debian_package.inc");


if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);


flag = 0;
if (deb_check(release:"6.0", prefix:"typo3", reference:"4.3.9+dfsg1-1+squeeze8")) flag++;
if (deb_check(release:"6.0", prefix:"typo3-database", reference:"4.3.9+dfsg1-1+squeeze8")) flag++;
if (deb_check(release:"6.0", prefix:"typo3-src-4.3", reference:"4.3.9+dfsg1-1+squeeze8")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
  else security_hole(0);
  exit(0);
}
else audit(AUDIT_HOST_NOT, "affected");

VendorProductVersionCPE
debiandebian_linuxtypo3-srcp-cpe:/a:debian:debian_linux:typo3-src
debiandebian_linux6.0cpe:/o:debian:debian_linux:6.0

Vendor	Product	Version	CPE
debian	debian_linux	typo3-src	p-cpe:/a:debian:debian_linux:typo3-src
debian	debian_linux	6.0	cpe:/o:debian:debian_linux:6.0

References

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1842

cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2013-1843

www.nessus.org/u?6092781d

bugs.debian.org/cgi-bin/bugreport.cgi?bug=702574

packages.debian.org/source/squeeze/typo3-src

security-tracker.debian.org/tracker/CVE-2013-1842

security-tracker.debian.org/tracker/CVE-2013-1843

www.debian.org/security/2013/dsa-2646

JSON

Related for DEBIAN_DSA-2646.NASL