SB2014060304 - Multiple vulnerabilities in TYPO3

Description

This security bulletin contains information about 2 secuirty vulnerabilities.

1) Improper Authentication (CVE-ID: CVE-2014-3945)

The vulnerability allows a remote non-authenticated attacker to read and manipulate data.

The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remote attackers to bypass authentication and gain access to the backend by leveraging knowledge of a password hash.

2) Code Injection (CVE-ID: CVE-2014-3942)

The vulnerability allows a remote #AU# to read and manipulate data.

The Color Picker Wizard component in TYPO3 4.5.0 before 4.5.34, 4.7.0 before 4.7.19, 6.0.0 before 6.0.14, and 6.1.0 before 6.1.9 allows remote authenticated editors to execute arbitrary PHP code via a serialized PHP object.

Remediation

Install update from vendor's website.

References

• http://typo3.org/teams/security/security-bulletins/typo3-core/typo3-core-sa-2014-001/
• http://www.debian.org/security/2014/dsa-2942
• http://www.openwall.com/lists/oss-security/2014/06/03/2
• http://lists.opensuse.org/opensuse-updates/2014-06/msg00037.html