TYPO3-EXT-SA-2011-012: Several vulnerabilities in third party extensions

Several vulnerabilities have been found in the following third-party TYPO3 extensions: mm_hutinfo, np_indexed_search_stat, rzcolorbox, t3c_podcasts, winning_game, tgm_gallery, tgmv_gallery, bps_shib, dev_null_robots, dhc_inflationcal, dam_frontend, rtg_files, mg_rooms, gridelements

Release Date: September 28, 2011

Update: September 30, 2011

Please read first: This Collective Security Bulletin (CSB) lists vulnerable extensions that have neither significant download numbers nor other special importance within the TYPO3 community. CSBs are intended to reduce the workload of the TYPO3 Security Team and of the maintainers of the affected extensions. Vulnerabilities in the TYPO3 core or in important extensions will still receive the well-known individual Security Bulletin.

Please read our buzz blog post, which has a detailed explanation on CSBs.

All vulnerabilities affect third-party extensions. These extensions are not part of the TYPO3 default installation.


Extension: mg_rooms (mg_rooms)

Affected Versions: 0.0.2 and all versions below

Vulnerability Type: SQL Injection, Cross-Site Scripting

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:U/RC:C (What's that?)

Solution: Versions of this extension that are known to be vulnerable are no longer available for download from the TYPO3 Extension Repository. The extension author did not provide a security fix for the reported vulnerability within a reasonable amount of time. Please uninstall the extension and delete its folder from your installation.

Note: Should the author decide to reply to our request and provide a fixed version, the extension could return to the TYPO3 Extension Repository.

Credits: Credits go to Christian Seifert who discovered and reported this issue.


Extension: Hut-Manager (mm_hutinfo)

Affected Versions: 1.0.0 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:OF/RC:C (What's that?)

Solution: An update (version 1.0.1) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/mm_hutinfo/1.0.1/.

Credits: Credits go to Security Team Member Georg Ringer who discovered and reported this issue.


Extension: dev/null robots.txt (dev_null_robots)

Affected Versions: 1.0.1

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:OF/RC:C (What's that?)

Solution: Update to version 1.0.2 or above. At the time of writing, version 1.2.0 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/dev_null_robots/1.2.0/.

Credits: Credits go to Security Team Member Marcus Krause who discovered and reported this issue.


Extension: DAM Frontend (dam_frontend)

Affected Versions: 0.6.5 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:OF/RC:C (What's that?)

Solution: An update (version 0.6.6) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/dam_frontend/0.6.6/.

Credits: Credits go to Security Team Member Marcus Krause who discovered and reported this issue.


Extension: RTG Files (rtg_files)

Affected Versions: 1.5.1 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:OF/RC:C (What's that?)

Solution: An update (version 1.5.2) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/rtg_files/1.5.2/.

Credits: Credits go to Security Team Member Sebastian Böttger who discovered and reported this issue.


Extension: TGM gallery (tgm_gallery)

Affected Versions: 0.0.2 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:OF/RC:C (What's that?)

Solution: An update (version 0.0.3) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/tgm_gallery/0.0.3/.

Note: The extension author has informed us that he no longer maintains this extension. The extension has been marked obsolete. If you use it, you are encouraged to replace it with an alternative extension.

Credits: Credits go to extension author Steffen Thierock who discovered and reported this issue.


Extension: tgmv gallery (tgmv_gallery)

Affected Versions: 0.0.3 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:OF/RC:C (What's that?)

Solution: An update (version 0.0.4) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/tgmv_gallery/0.0.4/.

Note: The extension author has informed us that he no longer maintains this extension. The extension has been marked obsolete. If you use it, you are encouraged to replace it with an alternative extension.

Credits: Credits go to extension author Steffen Thierock who discovered and reported this issue.


Extension: Indexed Search Statistics (np_indexed_search_stat)

Affected Versions: 0.0.5 and all versions below

Vulnerability Type: Cross-Site Scripting

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C (What's that?)

Solution: An update (version 0.0.6) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/np_indexed_search_stat/0.0.6/.

Credits: Credits go to Laurent Cherpit who discovered and reported this issue.


Extension: jQuery Colorbox (rzcolorbox)

Affected Versions: 1.3.5 and all versions below

Vulnerability Type: Cross-Site Scripting

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C (What's that?)

Solution: An update (version 1.4.0) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/rzcolorbox/1.4.0/.

Credits: Credits go to Chris Müller who discovered and reported this issue.


Extension: T3C Podcasts (t3c_podcasts)

Affected Versions: 1.0.3 and all versions below

Vulnerability Type: Inclusion of Web Functionality from an Untrusted Source

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:C (What's that?)

Solution: Versions of this extension that are known to be vulnerable are no longer available for download from the TYPO3 Extension Repository. The extension author did not provide a security fix for the reported vulnerability within a reasonable amount of time. Please uninstall the extension and delete its folder from your installation.

Note: Should the author decide to reply to our request and provide a fixed version, the extension could return to the TYPO3 Extension Repository.

Credits: Credits go to Frank Nägler who discovered and reported this issue.


Extension: winning_game (winning_game)

Affected Versions: 1.2.0 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:P/A:N/E:U/RL:U/RC:C (What's that?)

Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The author will not maintain the extension any more. Please uninstall this extension and delete all files belonging to it from your TYPO3 installation.

Credits: Credits go to Alex Kellner who discovered and reported this issue.


Extension: Frontend Shibboleth Protection (bps_shib)

Affected Versions: 1.0.0

Vulnerability Type: Authentication bypass

Severity: High

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:C/I:N/A:N/E:U/RL:U/RC:C (What's that?)

Solution: Versions of this extension that are known to be vulnerable are no longer available for download from the TYPO3 Extension Repository. The extension author did not provide a security fix for the reported vulnerability within a reasonable amount of time. Please uninstall the extension and delete its folder from your installation.

Note: Should the author decide to reply to our request and provide a fixed version, the extension could return to the TYPO3 Extension Repository.

Credits: Credits go to Franz G. Jahn who discovered and reported this issue.


Extension: Inflation-Calculator (dhc_inflationcal)

Affected Versions: 1.0.0

Vulnerability Type: Cross-Site Scripting

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:C (What's that?)

Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The author will not maintain the extension any more. Please uninstall this extension and delete all files belonging to it from your TYPO3 installation.

Credits: Credits go to Security Team member Georg Ringer who discovered and reported this issue.


Extension: Gridelements (gridelements)

Affected Versions: 0.1.0 and all versions below

Vulnerability Type: Cross-Site Scripting

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:C (What's that?)

Solution: An update (version 0.2.0) is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/gridelements/0.2.0/.

Credits: Credits go to Security Team member Georg Ringer who discovered and reported this issue.


General advice: Follow the recommendations given in the TYPO3 Security Cookbook. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via e-mail.
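The following script is an added example, not part of this bulletin and not code from the TYPO3 Security Team: it walks an installation's typo3conf/ext directory and reports every extension from the list above that is installed at an affected version, together with the action the bulletin prescribes (update, or uninstall and delete). It assumes the standard TYPO3 layout in which each extension folder carries an ext_emconf.php declaring 'version' => 'x.y.z'. Two transcription choices are assumptions of the example: entries that list a single affected version (dev_null_robots, bps_shib, dhc_inflationcal) are treated as "that version and below", and for tgmv_gallery the fixed version is taken as 0.0.4, the version linked from the bulletin. The make_fixture function builds a constructed sample tree so the script can be run offline; it is not a real installation.

```shell
#!/bin/sh
# Added example (not part of the TYPO3 bulletin): check a TYPO3 installation
# against the extensions and versions listed in TYPO3-EXT-SA-2011-012.
#
# Assumptions: extensions live in typo3conf/ext/<extkey>/ and each declares its
# version in ext_emconf.php as  'version' => 'x.y.z'  (the standard TYPO3 layout).
# Where the bulletin lists a single affected version (dev_null_robots, bps_shib,
# dhc_inflationcal) this table treats that version and everything below it as
# affected, which errs on the side of reporting.

# extkey|highest affected version|action, transcribed from the bulletin
SA_2011_012='mg_rooms|0.0.2|uninstall and delete the extension folder (no fix available)
mm_hutinfo|1.0.0|update to 1.0.1
dev_null_robots|1.0.1|update to 1.0.2 or later
dam_frontend|0.6.5|update to 0.6.6
rtg_files|1.5.1|update to 1.5.2
tgm_gallery|0.0.2|update to 0.0.3, then replace (extension is obsolete)
tgmv_gallery|0.0.3|update to 0.0.4, then replace (extension is obsolete)
np_indexed_search_stat|0.0.5|update to 0.0.6
rzcolorbox|1.3.5|update to 1.4.0
t3c_podcasts|1.0.3|uninstall and delete the extension folder (no fix available)
winning_game|1.2.0|uninstall and delete all files of the extension (no fix available)
bps_shib|1.0.0|uninstall and delete the extension folder (no fix available)
dhc_inflationcal|1.0.0|uninstall and delete all files of the extension (no fix available)
gridelements|0.1.0|update to 0.2.0'

# Print the version declared in $1/ext_emconf.php; prints nothing if the file
# or a plain dotted-numeric 'version' entry is missing (e.g. '0.6.5-dev').
ext_version() {
  sed -n "s/.*['\"]version['\"][[:space:]]*=>[[:space:]]*['\"]\([0-9][0-9.]*\)['\"].*/\1/p" \
    "$1/ext_emconf.php" 2>/dev/null | head -n 1
}

# Return 0 if dotted version $1 <= $2, comparing each component numerically
# (so 1.10.0 is newer than 1.9.9, which a string comparison would get wrong).
# Only a BEGIN block, so awk never reads stdin and cannot eat the table below.
version_le() {
  awk -v a="$1" -v b="$2" 'BEGIN {
    na = split(a, x, "\\."); nb = split(b, y, "\\.")
    n = (na > nb) ? na : nb
    for (i = 1; i <= n; i++) {
      xi = (i <= na) ? x[i] + 0 : 0
      yi = (i <= nb) ? y[i] + 0 : 0
      if (xi < yi) exit 0
      if (xi > yi) exit 1
    }
    exit 0
  }'
}

# Report every bulletin extension installed under $1 (the typo3conf/ext dir)
# at an affected or undeterminable version: one tab-separated line per finding,
# "extkey<TAB>installed version<TAB>action". Extensions not in the table, or
# already at a fixed version, are not reported.
check_ext_dir() {
  printf '%s\n' "$SA_2011_012" | while IFS='|' read -r key maxver action; do
    [ -d "$1/$key" ] || continue
    v=$(ext_version "$1/$key")
    if [ -z "$v" ]; then
      printf '%s\t%s\t%s\n' "$key" unknown "no usable version in ext_emconf.php; verify manually"
    elif version_le "$v" "$maxver"; then
      printf '%s\t%s\t%s\n' "$key" "$v" "$action"
    fi
  done
}

# Constructed sample data (not a real installation): builds a fake
# typo3conf/ext tree under $1 and prints its path.
make_fixture() {
  ext=$1/typo3conf/ext
  for spec in dam_frontend:0.6.5 rtg_files:1.5.2 bps_shib:1.0.0 realurl:1.11.2; do
    key=${spec%%:*}; ver=${spec#*:}
    mkdir -p "$ext/$key"
    printf "<?php\n\$EM_CONF[\$_EXTKEY] = array(\n    'title' => '%s',\n    'version' => '%s',\n);\n" \
      "$key" "$ver" > "$ext/$key/ext_emconf.php"
  done
  mkdir -p "$ext/gridelements"   # installed, but its ext_emconf.php is missing
  printf '%s\n' "$ext"
}

# Usage: sh check_sa_2011_012.sh /path/to/typo3conf/ext
# Exit status 1 when something from the bulletin needs attention.
# Without an argument the script runs against the constructed fixture above.
if [ $# -gt 0 ]; then
  findings=$(check_ext_dir "$1")
  [ -n "$findings" ] && { printf '%s\n' "$findings"; exit 1; }
  echo "no extension from TYPO3-EXT-SA-2011-012 found at an affected version"
else
  check_ext_dir "$(make_fixture "$(mktemp -d)")"
fi
```

On the constructed fixture the script reports dam_frontend 0.6.5 (update to 0.6.6), bps_shib 1.0.0 (uninstall and delete) and gridelements as "unknown" because its ext_emconf.php is missing; rtg_files 1.5.2 is already fixed and realurl is not in the bulletin, so neither appears. An extension folder that is still present after "uninstalling" in the extension manager is still on disk, which is why the bulletin asks for the folder to be deleted and why this check looks at the directory rather than at the list of loaded extensions.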