Computer vulnerabilities of Debian Sarge

vulnerability announce CVE-2012-4411

Xen: privilege elevation via QEMU Monitor

Synthesis of the vulnerability

An administrator of a guest system can use a keyboard shortcut to access the QEMU Monitor console, and thereby elevate his privileges on the host.
Impacted products: Debian, Fedora, openSUSE, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights.
Provenance: user shell.
Creation date: 07/09/2012.
Identifiers: BID-55442, CERTA-2012-AVI-490, CVE-2012-4411, DSA-2543-1, FEDORA-2012-13434, FEDORA-2012-13443, openSUSE-SU-2012:1572-1, openSUSE-SU-2012:1573-1, SUSE-SU-2012:1486-1, SUSE-SU-2012:1487-1, SUSE-SU-2012:1503-1, SUSE-SU-2014:0446-1, VIGILANCE-VUL-11922.

Description of the vulnerability

The QEMU Monitor console is used to:
 - obtain information on devices
 - change the configuration
 - etc.

This console is reachable using the CTRL and ALT keys. However, this keyboard shortcut is not disabled for guest systems which have a graphical console.

An administrator of a guest system can therefore use a keyboard shortcut to access the QEMU Monitor console, and thereby elevate his privileges on the host.

computer vulnerability alert CVE-2012-3494 CVE-2012-3495 CVE-2012-3496

Xen: several vulnerabilities

Synthesis of the vulnerability

An attacker, who is located in a Xen guest system, can use several vulnerabilities, in order to create a denial of service on the host, or to execute code.
Impacted products: XenServer, Debian, BIG-IP Hardware, TMOS, Fedora, openSUSE, RHEL, SUSE Linux Enterprise Desktop, SLES, Unix (platform) ~ not comprehensive.
Severity: 2/4.
Consequences: administrator access/rights, privileged access/rights, denial of service on server.
Provenance: user shell.
Number of vulnerabilities in this bulletin: 7.
Creation date: 05/09/2012.
Identifiers: BID-55400, BID-55406, BID-55410, BID-55411, BID-55412, BID-55413, BID-55414, CERTA-2012-AVI-485, CTX134708, CVE-2012-3494, CVE-2012-3495, CVE-2012-3496, CVE-2012-3497-REJECT, CVE-2012-3498, CVE-2012-3515, CVE-2012-3516, CVE-2012-6030, CVE-2012-6031, CVE-2012-6032, CVE-2012-6033, CVE-2012-6034, CVE-2012-6035, CVE-2012-6036, DSA-2542-1, DSA-2543-1, DSA-2544-1, DSA-2545-1, FEDORA-2012-13434, FEDORA-2012-13443, FEDORA-2012-15606, FEDORA-2012-15740, MDVSA-2013:121, openSUSE-SU-2012:1153-1, openSUSE-SU-2012:1170-1, openSUSE-SU-2012:1172-1, openSUSE-SU-2012:1174-1, openSUSE-SU-2012:1176-1, openSUSE-SU-2012:1572-1, openSUSE-SU-2012:1573-1, RHSA-2012:1233-01, RHSA-2012:1234-01, RHSA-2012:1235-01, RHSA-2012:1236-01, RHSA-2012:1262-01, RHSA-2012:1325-01, SOL13405416, SUSE-SU-2012:1129-1, SUSE-SU-2012:1132-1, SUSE-SU-2012:1133-1, SUSE-SU-2012:1135-1, SUSE-SU-2012:1162-1, SUSE-SU-2012:1203-1, SUSE-SU-2012:1205-1, SUSE-SU-2012:1486-1, SUSE-SU-2012:1487-1, SUSE-SU-2012:1503-1, SUSE-SU-2014:0446-1, VIGILANCE-VUL-11916, XSA-12, XSA-13, XSA-14, XSA-15, XSA-16, XSA-17, XSA-18.

Description of the vulnerability

Several vulnerabilities were announced in Xen.

An attacker, who is located in a paravirtualized 64 bit guest system, can change the debug register DR7. [severity:1/4; BID-55400, CVE-2012-3494, XSA-12]

The PHYSDEVOP_get_free_pirq hypercall of Xen 4.1, which is used to obtain the structure physdev_get_free_pirq, uses the return code of the get_free_pirq() function as an array index. However, if the function fails, the error code is an invalid index, which corrupts the memory, and could lead to code execution. An attacker, who is located in a guest system, can try to access a physical IRQ to exploit this vulnerability. [severity:2/4; BID-55406, CVE-2012-3495, XSA-13]

An attacker, who is located in a paravirtualized guest system, can call XENMEM_populate_physmap with an invalid parameter, in order to stop the host system. [severity:1/4; BID-55412, CVE-2012-3496, XSA-14]

When TMEM (Transcendent Memory) is enabled via the option "tmem" on the hypervisor command line, an attacker located in a guest can corrupt the host memory, in order to execute code on the host. [severity:2/4; BID-55410, CVE-2012-3497-REJECT, CVE-2012-6030, CVE-2012-6031, CVE-2012-6032, CVE-2012-6033, CVE-2012-6034, CVE-2012-6035, CVE-2012-6036, XSA-15]

An attacker, who is located in a HVM guest system, can use PHYSDEVOP_map_pirq with the parameter MAP_PIRQ_TYPE_GSI, in order to stop the host system. [severity:1/4; BID-55414, CVE-2012-3498, XSA-16]

An attacker, who is located in an HVM guest system, can use a malicious VT100 sequence, in order to corrupt the memory and elevate his privileges. [severity:2/4; BID-55413, CVE-2012-3515, XSA-17]

An attacker, who is located in a Xen 4.2RC guest system, can use GNTTABOP_swap_grant_ref to stop the host, and possibly to execute code on the host. [severity:2/4; BID-55411, CVE-2012-3516, XSA-18]

An attacker, who is located in a Xen guest system, can therefore use several vulnerabilities, in order to create a denial of service on the host, or to execute code.

vulnerability note CVE-2012-3552

Linux kernel: denial of service via ip_options

Synthesis of the vulnerability

A local attacker can create a multi-threaded program to manage IP options on a socket, in order to stop the system.
Impacted products: Debian, Linux, RHEL, ESX.
Severity: 1/4.
Consequences: denial of service on server.
Provenance: user shell.
Creation date: 03/09/2012.
Identifiers: BID-55359, CERTA-2013-AVI-657, CVE-2012-3552, DSA-2668-1, ESX410-201312001, ESX410-201312401-SG, ESX410-201312403-SG, RHSA-2012:1304-01, RHSA-2012:1540-01, VIGILANCE-VUL-11914, VMSA-2013-0007.1, VMSA-2013-0015.

Description of the vulnerability

An IPv4 packet can contain options.

The kernel stores these IP options in the structure ip_options (inet->opt).

The ip_make_skb() function calls ip_setup_cork(), which copies inet->opt. However, if another thread changed the IP options associated with the socket, the first thread can dereference a freed pointer.

A local attacker can therefore create a multi-threaded program to manage IP options on a socket, in order to stop the system.

vulnerability alert CVE-2012-2186 CVE-2012-4737

Asterisk: two vulnerabilities

Synthesis of the vulnerability

An authenticated attacker can use two vulnerabilities of Asterisk, in order to execute a shell command, or to bypass ACL.
Impacted products: Asterisk Open Source, Debian, Fedora.
Severity: 2/4.
Consequences: user access/rights, data flow.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 2.
Creation date: 31/08/2012.
Identifiers: AST-2012-012, AST-2012-013, BID-55335, BID-55351, CERTA-2012-AVI-478, CVE-2012-2186, CVE-2012-4737, DSA-2550-1, DSA-2550-2, FEDORA-2012-13338, FEDORA-2012-13437, VIGILANCE-VUL-11911.

Description of the vulnerability

Two vulnerabilities were announced in Asterisk.

An authenticated attacker can use the action AMI Originate with the application ExternalIVR, in order to execute a shell command. [severity:2/4; AST-2012-012, BID-55351, CVE-2012-2186]

An attacker, who is authenticated with ARA (Asterisk Realtime Architecture), can make an IAX2 call bypassing ACL rules. [severity:2/4; AST-2012-013, BID-55335, CVE-2012-4737]

An authenticated attacker can therefore use two vulnerabilities of Asterisk, in order to execute a shell command, or to bypass ACL.

vulnerability alert CVE-2012-1956 CVE-2012-1970 CVE-2012-1971

Firefox, Thunderbird, SeaMonkey: several vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Firefox, Thunderbird and SeaMonkey can be used by an attacker to execute code on the victim's computer.
Impacted products: Debian, Fedora, Mandriva Linux, Firefox, SeaMonkey, Thunderbird, openSUSE, Solaris, RHEL, Slackware, SUSE Linux Enterprise Desktop, SLES.
Severity: 4/4.
Consequences: user access/rights, data reading, data creation/edition, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 17.
Creation date: 29/08/2012.
Identifiers: BID-55249, BID-55256, BID-55257, BID-55260, BID-55264, BID-55266, BID-55274, BID-55276, BID-55277, BID-55278, BID-55292, BID-55304, BID-55306, BID-55308, BID-55310, BID-55311, BID-55312, BID-55313, BID-55316, BID-55317, BID-55318, BID-55319, BID-55320, BID-55321, BID-55322, BID-55323, BID-55324, BID-55325, BID-55340, BID-55341, BID-55342, BID-55344, BID-55857, CERTA-2012-AVI-467, CVE-2012-1956, CVE-2012-1970, CVE-2012-1971, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, CVE-2012-3965, CVE-2012-3966, CVE-2012-3967, CVE-2012-3968, CVE-2012-3969, CVE-2012-3970, CVE-2012-3971, CVE-2012-3972, CVE-2012-3973, CVE-2012-3974, CVE-2012-3975, CVE-2012-3976, CVE-2012-3977-REJECT, CVE-2012-3978, CVE-2012-3979, CVE-2012-3980, CVE-2012-4930, DSA-2553-1, DSA-2554-1, DSA-2556-1, FEDORA-2012-12871, FEDORA-2012-12892, FEDORA-2012-12958, FEDORA-2012-12979, FEDORA-2012-14049, FEDORA-2012-14102, MDVSA-2012:145, MDVSA-2012:146, MDVSA-2012:147, MFSA 2012-57, MFSA 2012-58, MFSA 2012-59, MFSA 2012-60, MFSA 2012-61, MFSA 2012-62, MFSA 2012-63, MFSA 2012-64, MFSA 2012-65, MFSA 2012-66, MFSA 2012-67, MFSA 2012-68, MFSA 2012-69, MFSA 2012-70, MFSA 2012-71, MFSA 2012-72, MFSA 2012-73, openSUSE-SU-2012:1064-1, openSUSE-SU-2012:1065-1, openSUSE-SU-2014:1100-1, RHSA-2012:1210-01, RHSA-2012:1211-01, SSA:2012-244-02, SSA:2012-244-03, SSA:2012-244-04, SUSE-SU-2012:1157-1, SUSE-SU-2012:1167-1, VIGILANCE-VUL-11901.

Description of the vulnerability

Several vulnerabilities were announced in Firefox, Thunderbird and SeaMonkey.

An attacker can generate several memory corruptions, leading to code execution. [severity:4/4; BID-55264, BID-55266, CVE-2012-1970, CVE-2012-1971, MFSA 2012-57]

An attacker can use several freed memory areas, leading to code execution. [severity:4/4; BID-55316, BID-55317, BID-55318, BID-55319, BID-55320, BID-55321, BID-55322, BID-55323, BID-55324, BID-55325, BID-55340, BID-55341, BID-55342, CVE-2012-1972, CVE-2012-1973, CVE-2012-1974, CVE-2012-1975, CVE-2012-1976, CVE-2012-3956, CVE-2012-3957, CVE-2012-3958, CVE-2012-3959, CVE-2012-3960, CVE-2012-3961, CVE-2012-3962, CVE-2012-3963, CVE-2012-3964, MFSA 2012-58]

An attacker can use Object.defineProperty to hide the location of objects, in order to deceive the victim. [severity:3/4; BID-55260, CVE-2012-1956, MFSA 2012-59]

An attacker can use about:newtab, in order to execute code with chrome privileges. [severity:4/4; BID-55256, CVE-2012-3965, MFSA 2012-60]

An attacker can corrupt the memory with an icon in BMP format. [severity:4/4; BID-55274, CVE-2012-3966, MFSA 2012-61]

An attacker can generate a freed memory usage and a memory corruption in WebGL. [severity:4/4; BID-55276, BID-55277, CVE-2012-3967, CVE-2012-3968, MFSA 2012-62]

An attacker can generate a freed memory usage and a buffer overflow via an SVG image. [severity:4/4; BID-55278, BID-55292, CVE-2012-3969, CVE-2012-3970, MFSA 2012-63]

An attacker can generate two memory corruptions in the Graphite 2 library. [severity:3/4; BID-55304, CVE-2012-3971, MFSA 2012-64]

An attacker can generate a read at an invalid memory address via an XSLT file. [severity:1/4; BID-55310, CVE-2012-3972, MFSA 2012-65]

When the HTTPMonitor extension is enabled, an attacker can debug the application remotely. [severity:4/4; BID-55308, CVE-2012-3973, MFSA 2012-66]

On Windows, an attacker can put a malicious executable in the root partition, in order to execute it during the installation of the software. [severity:2/4; BID-55312, CVE-2012-3974, MFSA 2012-67]

When DOMParser analyzes data of type text/html in an extension, linked resources are loaded. [severity:2/4; BID-55311, CVE-2012-3975, MFSA 2012-68]

Information displayed on an SSL certificate can belong to a site previously visited. [severity:3/4; BID-55313, CVE-2012-3976, MFSA 2012-69]

An attacker can use the location object, in order to load restricted contents. [severity:3/4; BID-55306, CVE-2012-3978, MFSA 2012-70]

On Android, an attacker can use the JavaScript dump() function, which uses __android_log_print and corrupts the memory. [severity:3/4; BID-55344, CVE-2012-3979, MFSA 2012-71]

An attacker can evaluate code with chrome privileges in the web console. [severity:3/4; BID-55257, CVE-2012-3980, MFSA 2012-72]

An attacker, who can control the HTTPS connections of the victim's web browser, can use several SSL sessions compressed with Deflate in order to compute SPDY headers, such as cookies (similar to VIGILANCE-VUL-11952). [severity:1/4; BID-55857, CVE-2012-3977-REJECT, CVE-2012-4930, MFSA 2012-73]

computer vulnerability alert CVE-2012-3535

OpenJPEG: buffer overflow via JPEG2000

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious JPEG2000 image, in order to create a denial of service or to execute code in applications linked to OpenJPEG.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, RHEL, Unix (platform) ~ not comprehensive.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Creation date: 27/08/2012.
Identifiers: BID-55214, CVE-2012-3535, DSA-2629-1, FEDORA-2012-14707, FEDORA-2012-14717, MDVSA-2012:157, MDVSA-2013:110, openSUSE-SU-2012:1370-1, RHSA-2012:1283-01, VIGILANCE-VUL-11896.

Description of the vulnerability

The OpenJPEG library is used by applications which decode JPEG images.

However, when a JPEG2000 image contains invalid color transformation parameters, a buffer overflow occurs.

An attacker can therefore invite the victim to open a malicious JPEG2000 image, in order to create a denial of service or to execute code in applications linked to OpenJPEG.

vulnerability announce CVE-2012-3402 CVE-2012-3403 CVE-2012-3481

GIMP: code execution via PSD, CEL and GIF

Synthesis of the vulnerability

An attacker can invite the victim to open a malicious image with GIMP, in order to generate a buffer or an integer overflow, leading to code execution.
Impacted products: Debian, Fedora, GIMP, Mandriva Linux, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 3/4.
Consequences: user access/rights, denial of service on client.
Provenance: document.
Number of vulnerabilities in this bulletin: 3.
Creation date: 20/08/2012.
Identifiers: BID-55101, BID-55103, CERTA-2013-AVI-145, CERTFR-2014-AVI-112, CVE-2012-3402, CVE-2012-3403, CVE-2012-3481, DSA-2813-1, FEDORA-2012-12364, FEDORA-2012-12383, MDVSA-2012:142, MDVSA-2013:082, openSUSE-SU-2012:1080-1, openSUSE-SU-2012:1131-1, RHSA-2012:1180-01, RHSA-2012:1181-01, SUSE-SU-2012:1027-1, SUSE-SU-2012:1029-1, SUSE-SU-2012:1038-1, VIGILANCE-VUL-11872.

Description of the vulnerability

Three vulnerabilities can occur when GIMP opens a malicious image.

An Adobe Photoshop PSD image containing a malicious header generates a buffer overflow in the read_whole_file() function of the plug-ins/common/psd.c file. [severity:3/4; BID-55103, CVE-2012-3402]

A KiSS CEL image containing a malicious color palette generates a buffer overflow in the load_image() and load_palette() functions of the plug-ins/common/file-cel.c file. [severity:3/4; BID-55101, CVE-2012-3403]

A GIF image containing a malicious header generates an integer overflow. [severity:3/4; BID-55101, CVE-2012-3481]

An attacker can therefore invite the victim to open a malicious image with GIMP, in order to generate a buffer or an integer overflow, leading to code execution.

computer vulnerability announce CVE-2012-3488 CVE-2012-3489

PostgreSQL: file access via XML and XSLT

Synthesis of the vulnerability

An attacker can transmit a malicious XML/XSLT file to PostgreSQL, in order to read a file, or to write to a file.
Impacted products: Debian, Fedora, Mandriva Linux, McAfee Security for Email Servers, openSUSE, Solaris, PostgreSQL, RHEL, SUSE Linux Enterprise Desktop, SLES.
Severity: 2/4.
Consequences: data reading, data creation/edition.
Provenance: document.
Number of vulnerabilities in this bulletin: 2.
Creation date: 17/08/2012.
Identifiers: BID-55072, BID-55074, CERTA-2012-AVI-455, CVE-2012-3488, CVE-2012-3489, DSA-2534-1, FEDORA-2012-12156, FEDORA-2012-12165, MDVSA-2012:139, openSUSE-SU-2012:1251-1, openSUSE-SU-2012:1288-1, openSUSE-SU-2012:1299-1, RHSA-2012:1263-01, RHSA-2012:1264-01, SUSE-SU-2012:1021-1, SUSE-SU-2012:1336-1, VIGILANCE-VUL-11867.

Description of the vulnerability

The PostgreSQL service can process XML/XSLT data. Two vulnerabilities can occur when these data are processed.

An XSLT (transformation) style sheet can contain commands to read or write external files. For example, "<sax:output ..." (SAXON) indicates the name of a file to write to. However, the xslt_process() function of the contrib/xml2 module does not disable this feature. [severity:2/4; BID-55072, CVE-2012-3488]

An XML file can contain external entities (DTD) that read a file. For example, "<!ENTITY name SYSTEM "file">". However, the xml_parse() function of PostgreSQL does not disable this feature. [severity:2/4; BID-55074, CVE-2012-3489]

An attacker can therefore transmit a malicious XML/XSLT file to PostgreSQL, in order to read a file, or to write to a file.

vulnerability alert CVE-2012-4285 CVE-2012-4286 CVE-2012-4287

Wireshark: thirteen vulnerabilities

Synthesis of the vulnerability

Several vulnerabilities of Wireshark can be used by a remote attacker to create a denial of service or to execute code.
Impacted products: Debian, Fedora, Mandriva Linux, openSUSE, Solaris, RHEL, SUSE Linux Enterprise Desktop, SLES, Wireshark.
Severity: 2/4.
Consequences: privileged access/rights, user access/rights, denial of service on service, denial of service on client.
Provenance: intranet client.
Number of vulnerabilities in this bulletin: 13.
Creation date: 16/08/2012.
Identifiers: BID-55035, CERTA-2012-AVI-457, CERTA-2012-AVI-679, CVE-2012-4285, CVE-2012-4286, CVE-2012-4287, CVE-2012-4288, CVE-2012-4289, CVE-2012-4290, CVE-2012-4291, CVE-2012-4292, CVE-2012-4293, CVE-2012-4294, CVE-2012-4295, CVE-2012-4296, CVE-2012-4297, CVE-2012-4298, DSA-2590-1, FEDORA-2012-12085, FEDORA-2012-12091, MDVSA-2012:134, MDVSA-2012:135, MDVSA-2013:055, openSUSE-SU-2012:1035-1, openSUSE-SU-2012:1067-1, RHSA-2013:0125-01, RHSA-2013:1569-02, SUSE-SU-2012:1168-1, VIGILANCE-VUL-11861, wnpa-sec-2012-13, wnpa-sec-2012-14, wnpa-sec-2012-15, wnpa-sec-2012-16, wnpa-sec-2012-17, wnpa-sec-2012-18, wnpa-sec-2012-19, wnpa-sec-2012-20, wnpa-sec-2012-21, wnpa-sec-2012-22, wnpa-sec-2012-23, wnpa-sec-2012-24, wnpa-sec-2012-25.

Description of the vulnerability

The Wireshark program captures and displays network packets. Protocols are decoded by dissectors. They are impacted by several vulnerabilities.

An attacker can generate a division by zero in the DCP ETSI dissector. [severity:1/4; CVE-2012-4285, wnpa-sec-2012-13]

An attacker can generate a large loop in the MongoDB dissector. [severity:1/4; CVE-2012-4287, wnpa-sec-2012-14]

An attacker can generate a large loop in the XTP dissector. [severity:1/4; CVE-2012-4288, wnpa-sec-2012-15]

An attacker can generate a buffer overflow in the ERF dissector. [severity:2/4; CVE-2012-4294, CVE-2012-4295, wnpa-sec-2012-16]

An attacker can generate a large loop in the AFP dissector. [severity:1/4; CVE-2012-4289, wnpa-sec-2012-17]

An attacker can generate a buffer overflow in the RTPS2 dissector. [severity:2/4; CVE-2012-4296, wnpa-sec-2012-18]

An attacker can generate a buffer overflow in the GSM RLC MAC dissector. [severity:2/4; CVE-2012-4297, wnpa-sec-2012-19]

An attacker can use all the memory via the CIP dissector. [severity:1/4; CVE-2012-4291, wnpa-sec-2012-20]

An attacker can stop the STUN dissector. [severity:1/4; CVE-2012-4292, wnpa-sec-2012-21]

An attacker can stop the EtherCAT Mailbox dissector. [severity:1/4; CVE-2012-4293, wnpa-sec-2012-22]

An attacker can generate a large loop in the CTDB dissector. [severity:1/4; CVE-2012-4290, wnpa-sec-2012-23]

An attacker can generate a division by zero when a pcap-ng file is parsed. [severity:1/4; CVE-2012-4286, wnpa-sec-2012-24]

An attacker can generate a buffer overflow in the Ixia IxVeriWave dissector. [severity:2/4; CVE-2012-4298, wnpa-sec-2012-25]

vulnerability CVE-2012-3527 CVE-2012-3528 CVE-2012-3529

TYPO3: five vulnerabilities

Synthesis of the vulnerability

An attacker can use five vulnerabilities of TYPO3, in order to read data, to execute code, or to create a Cross Site Scripting attack.
Impacted products: Debian, TYPO3 Core.
Severity: 2/4.
Consequences: user access/rights, client access/rights, data reading.
Provenance: internet client.
Number of vulnerabilities in this bulletin: 5.
Creation date: 16/08/2012.
Identifiers: BID-55052, CERTA-2012-AVI-484, CVE-2012-3527, CVE-2012-3528, CVE-2012-3529, CVE-2012-3530, CVE-2012-3531, DSA-2537-1, TYPO3-CORE-SA-2012-004, VIGILANCE-VUL-11860.

Description of the vulnerability

Five vulnerabilities were announced in TYPO3.

An authenticated attacker can use view_help.php to unserialize an object, in order to execute code. [severity:2/4; CVE-2012-3527]

An authenticated attacker can generate several Cross Site Scripting attacks in the backend. [severity:1/4; CVE-2012-3528]

An authenticated attacker, who is allowed to access the configuration module, can read the encryption key. [severity:1/4; CVE-2012-3529]

An attacker can generate a Cross Site Scripting attack, even if t3lib_div::RemoveXSS() and t3lib_div::quoteJSvalue() are used. [severity:2/4; CVE-2012-3530]

An attacker can generate a Cross Site Scripting attack in the Install Tool. [severity:2/4; CVE-2012-3531]