Remote Command Execution and Remote File Disclosure vulnerability in extension pdf_generator2

2011-10-20T00:00:00
ID TYPO3-EXT-SA-2011-016
Type typo3
Reporter TYPO3 Association
Modified 2011-10-20T00:00:00

Description

It has been discovered that the extension pdf_generator2 is vulnerable to Remote Code Execution and Remote File Disclosure

Release Date: Oktober 20, 2011

Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.

Affected Versions: Version 0.21.0 and all versions below

Vulnerability Type: Remote Command Execution, Remote File Disclosure

Severity: Critical

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:P/E:F/RL:OF/RC:C (What is this?)

Problem Description: The extension includes the html2ps library to create PDFs including it's main script html2ps.php. Failing to validate or sanitize user data it is susceptible to Remote Command Execution and potential File Disclosure of web resources that are accessible through the webserver's network.

Solution: An updated version 0.21.1 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/pdf_generator2/0.21.1/. Users of the extension are advised to update the extension as soon as possible.

Credits: Thanks to Arnaud Labenne and Thorsten Boock who discovered and reported the issues.

General advice: Follow the recommendations that are given in the TYPO3 Security Cookbook. Please subscribe to thetypo3-announce mailing list to receive future Security Bulletins via E-mail.