cvelistv5 - cve-2009-0258

CVE-2009-0258 (GCVE-0-2009-0258)

Vulnerability from cvelistv5

Published

2009-01-22 23:00

Modified

2024-08-07 04:24

Severity ?

CWE

Summary

The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer.

References

URL

Tags

	http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/	x_refsource_CONFIRM
	http://secunia.com/advisories/33617	third-party-advisory, x_refsource_SECUNIA
	http://www.debian.org/security/2009/dsa-1711	vendor-advisory, x_refsource_DEBIAN
	https://exchange.xforce.ibmcloud.com/vulnerabilities/48138	vdb-entry, x_refsource_XF
	http://www.securityfocus.com/bid/33376	vdb-entry, x_refsource_BID
	http://www.openwall.com/lists/oss-security/2009/01/23/4	mailing-list, x_refsource_MLIST
	http://secunia.com/advisories/33679	third-party-advisory, x_refsource_SECUNIA

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-07T04:24:18.496Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
          },
          {
            "name": "33617",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33617"
          },
          {
            "name": "DSA-1711",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2009/dsa-1711"
          },
          {
            "name": "typo3-indexedsearch-command-execution(48138)",
            "tags": [
              "vdb-entry",
              "x_refsource_XF",
              "x_transferred"
            ],
            "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48138"
          },
          {
            "name": "33376",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/33376"
          },
          {
            "name": "[oss-security] 20090123 Re: CVE id request: typo3 SA-2009-001",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2009/01/23/4"
          },
          {
            "name": "33679",
            "tags": [
              "third-party-advisory",
              "x_refsource_SECUNIA",
              "x_transferred"
            ],
            "url": "http://secunia.com/advisories/33679"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2009-01-21T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2017-08-07T12:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
        },
        {
          "name": "33617",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33617"
        },
        {
          "name": "DSA-1711",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2009/dsa-1711"
        },
        {
          "name": "typo3-indexedsearch-command-execution(48138)",
          "tags": [
            "vdb-entry",
            "x_refsource_XF"
          ],
          "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48138"
        },
        {
          "name": "33376",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/33376"
        },
        {
          "name": "[oss-security] 20090123 Re: CVE id request: typo3 SA-2009-001",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2009/01/23/4"
        },
        {
          "name": "33679",
          "tags": [
            "third-party-advisory",
            "x_refsource_SECUNIA"
          ],
          "url": "http://secunia.com/advisories/33679"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2009-0258",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The Indexed Search Engine (indexed_search) system extension in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 allows remote attackers to execute arbitrary commands via a crafted filename containing shell metacharacters, which is not properly handled by the command-line indexer."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/",
              "refsource": "CONFIRM",
              "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
            },
            {
              "name": "33617",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33617"
            },
            {
              "name": "DSA-1711",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2009/dsa-1711"
            },
            {
              "name": "typo3-indexedsearch-command-execution(48138)",
              "refsource": "XF",
              "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48138"
            },
            {
              "name": "33376",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/33376"
            },
            {
              "name": "[oss-security] 20090123 Re: CVE id request: typo3 SA-2009-001",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2009/01/23/4"
            },
            {
              "name": "33679",
              "refsource": "SECUNIA",
              "url": "http://secunia.com/advisories/33679"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2009-0258",
    "datePublished": "2009-01-22T23:00:00.000Z",
    "dateReserved": "2009-01-22T00:00:00.000Z",
    "dateUpdated": "2024-08-07T04:24:18.496Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CERTA-2009-AVI-024

Vulnerability from certfr_avis

De multiples vulnérabilités dans TYPO3 permettent une exécution de commandes arbitraires à distance, diverses injections de code indirectes ou un contournement de la politique de sécurité.

Description

De multiples vulnérabilités ont été découvertes dans TYPO3 :

la clé de chiffrement utilisée par TYPO3 a une faible entropie ;
les jetons de session ne sont pas correctement invalidés et peuvent être rejoués ;
le moteur de recherche indexée ne filtre pas correctement les paramètres, ce qui permet une exécution de commandes arbitraires à distance. Par ailleurs, le nom et le contenu des fichiers à indexer ne sont pas non plus correctement filtrés, ce qui permet de réaliser des attaques de type cross-site scripting ;
des attaques de type cross-site scripting sont possibles via les composants ADOdb et Workspace.

Solution

Mettre à jour TYPO3 en version 4.0.10, 4.1.8 ou 4.2.4. L'application des mises à jour ne suffit pas à corriger toutes les vulnérabilités, il est également nécessaire de créer une nouvelle clé de chiffrement. Cette procédure est décrite dans le bulletin de sécurité de l'éditeur (voir section Documentation).

None

Impacted products

Vendor	Product	Description
Typo3	Typo3	TYPO3 versions 4.2.0 à 4.2.3.
Typo3	Typo3	TYPO3 versions 4.0.0 à 4.0.9 ;
Typo3	Typo3	TYPO3 versions 4.1.0 à 4.1.7 ;

References

Title

Publication Time

Tags

Bulletin de sécurité TYPO3-SA-2009-001	None	vendor-advisory
Référence CVE CVE-2009-0258 :	-	other
Référence CVE CVE-2009-0257 :	-	other
Référence CVE CVE-2009-0255 :	-	other
Référence CVE CVE-2009-0256 :	-	other

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "TYPO3 versions 4.2.0 \u00e0 4.2.3.",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.0.0 \u00e0 4.0.9 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    },
    {
      "description": "TYPO3 versions 4.1.0 \u00e0 4.1.7 ;",
      "product": {
        "name": "Typo3",
        "vendor": {
          "name": "Typo3",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Description\n\nDe multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans TYPO3 :\n\n-   la cl\u00e9 de chiffrement utilis\u00e9e par TYPO3 a une faible entropie ;\n-   les jetons de session ne sont pas correctement invalid\u00e9s et peuvent\n    \u00eatre rejou\u00e9s ;\n-   le moteur de recherche index\u00e9e ne filtre pas correctement les\n    param\u00e8tres, ce qui permet une ex\u00e9cution de commandes arbitraires \u00e0\n    distance. Par ailleurs, le nom et le contenu des fichiers \u00e0 indexer\n    ne sont pas non plus correctement filtr\u00e9s, ce qui permet de r\u00e9aliser\n    des attaques de type cross-site scripting ;\n-   des attaques de type cross-site scripting sont possibles via les\n    composants ADOdb et Workspace.\n\n## Solution\n\nMettre \u00e0 jour TYPO3 en version 4.0.10, 4.1.8 ou 4.2.4. L\u0027application des\nmises \u00e0 jour ne suffit pas \u00e0 corriger toutes les vuln\u00e9rabilit\u00e9s, il est\n\u00e9galement n\u00e9cessaire de cr\u00e9er une nouvelle cl\u00e9 de chiffrement. Cette\nproc\u00e9dure est d\u00e9crite dans le bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur (voir\nsection Documentation).\n",
  "cves": [
    {
      "name": "CVE-2009-0257",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0257"
    },
    {
      "name": "CVE-2009-0255",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0255"
    },
    {
      "name": "CVE-2009-0256",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0256"
    },
    {
      "name": "CVE-2009-0258",
      "url": "https://www.cve.org/CVERecord?id=CVE-2009-0258"
    }
  ],
  "initial_release_date": "2009-01-21T00:00:00",
  "last_revision_date": "2009-01-21T00:00:00",
  "links": [
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0258 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-258"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0257 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-257"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0255 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-255"
    },
    {
      "title": "R\u00e9f\u00e9rence CVE CVE-2009-0256 :",
      "url": "http://cve.mitre.org/cgi-bin/cvename.cge?name=CVE-2009-256"
    }
  ],
  "reference": "CERTA-2009-AVI-024",
  "revisions": [
    {
      "description": "version initiale.",
      "revision_date": "2009-01-21T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injections de code indirectes"
    },
    {
      "description": "Ex\u00e9cution de commandes arbitraires \u00e0 distance"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s dans \u003cspan class=\"textit\"\u003eTYPO3\u003c/span\u003e\npermettent une ex\u00e9cution de commandes arbitraires \u00e0 distance, diverses\ninjections de code indirectes ou un contournement de la politique de\ns\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans TYPO3",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 TYPO3-SA-2009-001",
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2009-0258 (GCVE-0-2009-0258)

Vulnerability from cvelistv5

CERTA-2009-AVI-024

Vulnerability from certfr_avis

Description

Solution

Tags

Sightings

Nomenclature