=====================================================================
                                    CERT-Renater

                         Note d'Information No. 2008/VULN265
_____________________________________________________________________

DATE                      : 02/07/2008

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running third party extensions for
                                    TYPO3.

======================================================================
http://typo3.org/teams/security/security-bulletins/typo3-20080701-1/
______________________________________________________________________

TYPO3 Collective Security Bulletin TYPO3-20080701-1: Several
vulnerabilities in third party extensions

Please read first: This Collective Security Bulletin (CSB) is a listing
of vulnerable extensions with neither significant download numbers nor
other special importance amongst the TYPO3 Community. The intention of
CSBs is to reduce the workload of the TYPO3 Security Team and the
authors or maintainers of the extensions with the issues. Nevertheless,
vulnerabilities in TYPO3 core or important extensions will still get the
well-known single Security Bulletin each.

Please read our buzz blog post, which has a detailed explanation on CSBs.

All vulnerabilities affect third party extensions. These extensions are
not part of the TYPO3 default installation.



Extension: Codeon Petition (cd_petition)
Affected Versions: 0.0.2 and all versions below
Vulnerability Type: SQL Injection
Severity: HIGH
Solution: An updated version 0.0.2 (upload date 06/13/2008) is available
from the TYPO3 extension manager and at
typo3.org/extensions/repository/view/cd_petition/0.0.2/.
Credits: Credits go to Georg Ringer, who discovered and reported the issue.



Extension: DAM Frontend (dam_frontend)
Affected Versions: 0.1.0 and all versions below
Vulnerability Type: Broken Access Control, SQL Injection, Improper Error
Handling, Information Disclosure
Severity: HIGH
Solution: The extension authors did not provide a security fix for all
reported vulnerabilities within a reasonable amount of time. Please
uninstall and delete the extension folder from your installation. The
extension will no longer be available in the TYPO3 Extension Repository.
Credits: Credits go to Marc Bastian Heinrichs and Security Team member
Marcus Krause, who discovered and reported the issues.



Extension: Support view (ext_tbl)
Affected Versions: 0.0.102 and all versions below
Vulnerability Type: SQL Injection
Severity: HIGH
Solution: This extension is no longer maintained by the author. Please
uninstall and delete the extension folder from your installation. The
extension will no longer be available in the TYPO3 Extension Repository.
Credits: Credits go to Georg Ringer, who discovered and reported the issue.



Extension: Packman (kb_packman)
Affected Versions: 0.2.1 and all versions below
Vulnerability Type: Incomplete Blacklist
Severity: HIGH
Solution: An updated version 0.2.2 is available from the TYPO3 extension
manager and at
typo3.org/extensions/repository/view/kb_packman/0.2.2/.



Extension: KB Unpack (kb_unpack)
Affected Versions: 0.1.0 and all versions below
Vulnerability Type: Incomplete Blacklist
Severity: HIGH
Solution: An updated version 0.1.1 is available from the TYPO3 extension
manager and at
typo3.org/extensions/repository/view/kb_unpack/0.1.1/.
Credits: Credits go to Security Team member Marcus Krause, who
discovered and reported the issue.



Extension: Branchenbuch (Yellow Pages) (mh_branchenbuch)
Affected Versions: 0.8.1 and all versions below
Vulnerability Type: SQL Injection
Severity: HIGH
Solution: An updated version 0.8.2 is available from the TYPO3 extension
manager and at
typo3.org/extensions/repository/view/mh_branchenbuch/0.8.2/.
Credits: Credits go to Georg Ringer, who discovered and reported the issue.



Extension: SQL Frontend (mh_omsqlio)
Affected Versions: 1.0.11 and all versions below
Vulnerability Type: SQL Injection, Denial of Service (DoS)
Severity: HIGH
Solution: An updated version 1.0.12 is available from the TYPO3
extension manager and at
typo3.org/extensions/repository/view/mh_omsqlio/1.0.12/.
Credits: Credits go to Maximilian Gaukler, Frederic Gaus and Security
Team member Marcus Krause, who discovered and reported the issues.



Extension: News Calendar (newscalendar)
Affected Versions: 1.0.7 and all versions below
Vulnerability Type: SQL Injection
Severity: HIGH
Solution: An updated version 1.0.8 is available from the TYPO3 extension
manager and at
typo3.org/extensions/repository/view/newscalendar/1.0.8/.
Credits: Credits go to Georg Ringer, who discovered and reported the issue.



Extension: PDF Generator 2 (pdf_generator2)
Affected Versions: 0.5.0 and all versions below
Vulnerability Type: Information Disclosure, Unprotected test
functionality, Susceptibility to DoS
Severity: Medium
Solution: An updated version 0.5.1 is available from the TYPO3 extension
manager and at
typo3.org/extensions/repository/view/pdf_generator2/0.5.1/.
Credits: Credits go to David Krüsemann and Security Team member Henning
Pingel, who discovered and reported the issues.



Extension: Pinboard (pinboard)
Affected Versions: 0.0.6 and all versions below
Vulnerability Type: Blind SQL Injection
Severity: HIGH
Solution: The TYPO3 Security Team did not succeed in contacting the
extension author. Please uninstall and delete the extension folder from
your installation. The extension will no longer be available in the
TYPO3 Extension Repository.
Credits: Credits go to Frederic Gaus, who discovered and reported the issue.



Extension: Industry Database (Branchendatenbank) (pro_industrydb)
Affected Versions: 1.0.0 and all versions below
Vulnerability Type: Insufficient Verification of Data Authenticity
Severity: Medium
Solution: An updated version 1.0.2 is available from the TYPO3 extension
manager and at
typo3.org/extensions/repository/view/pro_industrydb/1.0.2/.
Credits: Credits go to Michael Kornowski, who discovered and reported
the issue.



Extension: Address Directory (sp_directory)
Affected Versions: 0.2.10 and all versions below
Vulnerability Type: Cross Site Scripting (XSS), SQL Injection
Severity: HIGH
Solution: This extension is no longer maintained by the author. Please
uninstall and delete the extension folder from your installation. The
extension will no longer be available in the TYPO3 Extension Repository.
Credits: Credits go to Rupert Germann, Patrick Schuster and Peter
Athmann, who discovered and reported the issues.



General advice: Follow the recommendations that are given in the TYPO3
Security Cookbook. Please subscribe to the typo3-announce mailing list
in order to receive future Security Bulletins via E-mail.

======================================================================

           =========================================================
           The CERT-Renater reference servers
           http://www.urec.fr/securite
           http://www.cru.fr/securite
           http://www.renater.fr
           =========================================================
           + CERT-RENATER          | tel : 01-53-94-20-44          +
           + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
           + 75013 Paris           | email: certsvp@renater.fr     +
           =========================================================