TYPO3-20080701-1: TYPO3 Security Bulletin

Several vulnerabilities have been found in TYPO3 third party extensions.

Please read first: This Collective Security Bulletin (CSB) is a listing of vulnerable extensions with neither significant download numbers nor other special importance amongst the TYPO3 Community. The intention of CSBs is to reduce the workload of the TYPO3 Security Team and the authors or maintainers of the extensions with the issues. Nevertheless, vulnerabilities in TYPO3 core or important extensions will still get the well-known single Security Bulletin each.

Please read our buzz blog post, which has a detailed explanation on CSBs.

All vulnerabilities affect third party extensions. These extensions are not part of the TYPO3 default installation

Extension: Codeon Petition (cd_petition)
Affected Versions: 0.0.2 and all versions below
Vulnerability Type: SQL Injection
Severity: HIGH
Solution: An updated version 0.0.2 (upload date 06/13/2008) is available from the TYPO3 extension manager and at typo3.org/extensions/repository/view/cd_petition/0.0.2/.
Credits: Credits go to Georg Ringer, who discovered and reported the issue.

Extension: DAM Frontend (dam_frontend)
Affected Versions: 0.1.0 and all versions below
Vulnerability Type: Broken Access Control, SQL Injection, Improper Error Handling, Information Disclosure
Severity: HIGH
Solution: The extension authors failed in providing a security fix for all reported vulnerabilities in a decent amount of time. Please uninstall and delete the extension folder from your installation. The extension will no longer be available in the TYPO3 Extension Repository.
Credits: Credits go to Marc Bastian Heinrichs and Security Team member Marcus Krause, who discovered and reported the issues.

Extension: Support view (ext_tbl)
Affected Versions: 0.0.102 and all versions below
Vulnerability Type: SQL Injection
Severity: HIGH
Solution: This extension is no longer maintained by the author. Please uninstall and delete the extension folder from your installation. The extension will no longer be available in the TYPO3 Extension Repository.
Credits: Credits go to Georg Ringer, who discovered and reported the issue.

Extension: Packman (kb_packman)
Affected Versions: 0.2.1 and all versions below
Vulnerability Type: Incomplete Blacklist
Severity: HIGH
Solution: An updated version 0.2.2 is available from the TYPO3 extension manager and at
typo3.org/extensions/repository/view/kb_packman/0.2.2/.

Extension: KB Unpack (kb_unpack)
Affected Versions: 0.1.0 and all versions below
Vulnerability Type: Incomplete Blacklist
Severity: HIGH
Solution: An updated version 0.1.1 is available from the TYPO3 extension manager and at
typo3.org/extensions/repository/view/kb_unpack/0.1.1/.
Credits: Credits go to Security Team member Marcus Krause, who discovered and reported the issue.

Extension: Branchenbuch (Yellow Pages) (mh_branchenbuch)
Affected Versions: 0.8.1 and all versions below
Vulnerability Type: SQL Injection
Severity: HIGH
Solution: An updated version 0.8.2 is available from the TYPO3 extension manager and at
typo3.org/extensions/repository/view/mh_branchenbuch/0.8.2/.
Credits: Credits go to Georg Ringer, who discovered and reported the issue.

Extension: SQL Frontend (mh_omsqlio)
Affected Versions: 1.0.11 and all versions below
Vulnerability Type: SQL Injection, Denial of Service (DoS)
Severity: HIGH
Solution: An updated version 1.0.12 is available from the TYPO3 extension manager and at
typo3.org/extensions/repository/view/mh_omsqlio/1.0.12/.
Credits: Credits go to Maximilian Gaukler, Frederic Gaus and Security Team member Marcus Krause, who discovered and reported the issues.

Extension: News Calendar (newscalendar)
Affected Versions: 1.0.7 and all versions below
Vulnerability Type: SQL Injection
Severity: HIGH
Solution: An updated version 1.0.8 is available from the TYPO3 extension manager and at
typo3.org/extensions/repository/view/newscalendar/1.0.8/.
Credits: Credits go to Georg Ringer, who discovered and reported the issue.

Extension: PDF Generator 2 (pdf_generator2)
Affected Versions: 0.5.0 and all versions below
Vulnerability Type: Information Disclosure, Unprotected test functionality, Suspectibility to DoS
Severity: Medium
Solution: An updated version 0.5.1 is available from the TYPO3 extension manager and at
typo3.org/extensions/repository/view/pdf_generator2/0.5.1/.
Credits: Credits go to David Krüsemann and Security Team member Henning Pingel, who discovered and reported the issues.

Extension: Pinboard (pinboard)
Affected Versions: 0.0.6 and all versions below
Vulnerability Type: Blind SQL Injection
Severity: HIGH
Solution: The TYPO3 Security Team did not succeed in contacting the extension author. Please uninstall and delete the extension folder from your installation. The extension will no longer be available in the TYPO3 Extension Repository.
Credits: Credits go to Frederic Gaus, who discovered and reported the issue.

Extension: Industry Database (Branchendatenbank) (pro_industrydb)
Affected Versions: 1.0.0 and all versions below
Vulnerability Type: Insufficient Verification of Data Authenticity
Severity: Medium
Solution: An updated version 1.0.2 is available from the TYPO3 extension manager and at
typo3.org/extensions/repository/view/pro_industrydb/1.0.2/.
Credits: Credits go to Michael Kornowski, who discovered and reported the issue.

Extension: Address Directory (sp_directory)
Affected Versions: 0.2.10 and all versions below
Vulnerability Type: Cross Site Scripting (XSS), SQL Injection
Severity: HIGH
Solution: This extension is no longer maintained by the author. Please uninstall and delete the extension folder from your installation. The extension will no longer be available in the TYPO3 Extension Repository.
Credits: Credits go to Rupert Germann, Patrick Schuster and Peter Athmann, who discovered and reported the issues.

General advice: Follow the recommendations that are given in the TYPO3 SECURITY Guide. Please subscribe to the typo3-announce mailing list in order to receive future Security Bulletins via E-mail.