=====================================================================
                                   CERT-Renater

                        Information Note No. 2010/VULN138
_____________________________________________________________________

DATE                      : 16/04/2010

HARDWARE PLATFORM(S)      : /

OPERATING SYSTEM(S)       : Systems running Frontend User Registration for TYPO3,
                             Tip-A-Friend for TYPO3, 404 Error Page Handling for TYPO3.

======================================================================
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-009/
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-010/
http://typo3.org/teams/security/security-bulletins/typo3-sa-2010-011/
______________________________________________________________________

TYPO3 Security Bulletin TYPO3-SA-2010-009: Vulnerability in extension
Frontend User Registration (sr_feuser_register)

Component Type: Third party extension. This extension is not part of the TYPO3
default installation.

Affected Versions: Version 2.5.24 and all versions below.

Vulnerability Type: Cross Site Scripting

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C

Release Date: 14.04.2010



Problem Description: Failing to validate and sanitize user input, the extension
is susceptible to Cross Site Scripting (XSS), making it possible to execute
arbitrary JavaScript.

Solution: Updated versions are available from the TYPO3 extension manager.

Users are advised to upgrade to extension version 2.5.25 which is available
at http://typo3.org/extensions/repository/view/sr_feuser_register/2.5.25/

General advice: Follow the recommendations that are given in the TYPO3
Security Cookbook. Please subscribe to the typo3-announce mailing list
to receive future Security Bulletins via E-mail.

Credits: Credits go to Chris John Riley, who discovered and reported the issue.

________________________________________________________________________

TYPO3 Security Bulletin TYPO3-SA-2010-010: Vulnerability in extension
Tip-A-Friend (tipafriend)

Component Type: Third party extension. This extension is not part of the
TYPO3 default installation.

Affected Versions: 1.2.3

Vulnerability Type: Cross Site Scripting

Severity: Medium

Suggested CVSS v2.0: AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C

Release Date: 14.04.2010



Problem Description: Failing to validate and sanitize user input, the extension
is susceptible to Cross Site Scripting (XSS), making it possible to execute
arbitrary JavaScript.
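The two XSS bulletins above (TYPO3-SA-2010-009 and TYPO3-SA-2010-010) describe the same defect class without showing it. The following is an added illustrative example, not code from sr_feuser_register, tipafriend or the TYPO3 project: a generic PHP handler that echoes a request parameter back into the page, first in the unsanitized form the bulletins warn about and then with output escaping and input validation applied. The field name "username" and the greeting markup are assumptions made for the example.

```php
<?php
// Added illustrative example (not code from the affected extensions).
// Assumed: a form field named "username" is echoed back into the page.

// Vulnerable pattern: the request parameter is written into HTML
// unescaped, so any markup the client supplies becomes part of the page.
function renderGreetingUnsafe(array $request): string
{
    $name = $request['username'] ?? '';
    return '<p>Welcome back, ' . $name . '</p>';
}

// Hardened pattern: escape for the HTML context at the point of output.
// ENT_QUOTES covers element content and single- or double-quoted attribute
// values; ENT_SUBSTITUTE and the explicit charset avoid encoding-dependent
// surprises with malformed UTF-8.
function renderGreetingSafe(array $request): string
{
    $name = $request['username'] ?? '';
    return '<p>Welcome back, '
        . htmlspecialchars($name, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')
        . '</p>';
}

// Validation in addition to escaping: reject input that does not look
// like a username instead of trying to "clean" it. The allowed character
// set is an assumption for this example.
function isValidUsername(string $name): bool
{
    return (bool) preg_match('/^[A-Za-z0-9_.-]{1,64}$/', $name);
}

// Constructed sample input containing markup.
$sample = ['username' => '<b>Alice</b>'];

echo renderGreetingUnsafe($sample), PHP_EOL; // markup reaches the browser as markup
echo renderGreetingSafe($sample), PHP_EOL;   // markup is shown as literal text
var_dump(isValidUsername($sample['username'])); // bool(false): rejected up front
```

Escaping must happen at output time and match the context the value lands in (HTML body, attribute, JavaScript, URL); htmlspecialchars() as used here is correct for HTML element content and quoted attributes only. Validation on input is a second, independent control, which is why the example keeps both.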

Solution: Updated versions are available from the TYPO3 extension manager.

Users are advised to upgrade to extension version 1.2.4 which is available
at http://typo3.org/extensions/repository/view/tipafriend/1.2.4/

General advice: Follow the recommendations that are given in the TYPO3
Security Cookbook. Please subscribe to the typo3-announce mailing list
to receive future Security Bulletins via E-mail.

Credits: Credits go to Patrick Broens, who discovered and reported the issue.

________________________________________________________________________

TYPO3 Security Bulletin TYPO3-SA-2010-011: Vulnerability in extension 404 Error
Page Handling (error_404_handling)

Component Type: Third party extension. This extension is not part of the
TYPO3 default installation.

Affected Versions: 0.1.1 and all versions below

Vulnerability Type: SQL Injection

Severity: High

Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:U/RL:U/RC:C

Release Date: 14.04.2010



Problem Description: Failing to validate and sanitize user input, the extension
is susceptible to SQL Injection, making it possible to manipulate SQL queries
by injecting arbitrary SQL code.
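The bulletin names SQL injection as the defect class but does not show the pattern. The following is an added illustrative example, not code from error_404_handling or the TYPO3 project: a lookup of the requested path in a redirect table, once with the value concatenated into the query text and once as a prepared statement. The table layout, the in-memory SQLite database and the sample paths are assumptions constructed for the example; the point is how a single quote in ordinary input is treated by each version.

```php
<?php
// Added illustrative example (not code from the affected extension).
// Assumed: the requested path is looked up in a table of redirect rules.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE redirects (path TEXT PRIMARY KEY, target TEXT)');
$db->exec("INSERT INTO redirects VALUES ('/old-page', '/new-page')");

// Vulnerable pattern: the request value is concatenated into the SQL text,
// so characters in the URL can change the structure of the query.
function lookupUnsafe(PDO $db, string $path): ?string
{
    $sql = "SELECT target FROM redirects WHERE path = '" . $path . "'";
    $row = $db->query($sql)->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['target'] : null;
}

// Hardened pattern: a prepared statement fixes the query structure and
// passes the value purely as data, whatever characters it contains.
function lookupSafe(PDO $db, string $path): ?string
{
    $stmt = $db->prepare('SELECT target FROM redirects WHERE path = :path');
    $stmt->execute([':path' => $path]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row ? $row['target'] : null;
}

// Constructed sample input: a path containing a single quote is legal in a
// URL. The safe lookup handles it as an ordinary miss; the unsafe lookup
// breaks, which is the same weakness that crafted input would exploit.
$normal = '/old-page';
$quoted = "/o'brien";

var_dump(lookupSafe($db, $normal)); // string(9) "/new-page"
var_dump(lookupSafe($db, $quoted)); // NULL: no such path, no error

try {
    lookupUnsafe($db, $quoted);
} catch (PDOException $e) {
    echo 'unsafe lookup failed: ', $e->getMessage(), PHP_EOL;
}
```

The operational takeaway for the affected installation is the one the bulletin gives: with no fixed version available, removing the extension is the only mitigation. For an extension you maintain, the prepared-statement form above (or the equivalent escaping API of the database layer in use) is the fix; escaping the value by hand is what concatenation invites you to forget.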

Solution: Versions of this extension that are known to be vulnerable will no
longer be available for download from the TYPO3 Extension Repository. At the
time of writing, we don't know of a security update of the extension regarding
the existing vulnerability, since we have been unable to get in contact with
the author. For the time being please uninstall this extension and delete all
files belonging to it from your TYPO3 installation.

Solution: Should the author decide to reply to our request and provide a fixed
version, the extension could return to the TYPO3 Extension Repository.

General advice: Follow the recommendations that are given in the TYPO3 Security
Cookbook. Please subscribe to the typo3-announce mailing list to receive future
Security Bulletins via E-mail.

Credits: Credits go to Frederic Gaus, who discovered and reported the issue.


======================================================================

          =========================================================
          CERT-Renater reference servers
          http://www.urec.fr/securite
          http://www.cru.fr/securite
          http://www.renater.fr
          =========================================================
          + CERT-RENATER          | tel : 01-53-94-20-44          +
          + 151 bd de l'Hopital   | fax : 01-53-94-20-41          +
          + 75013 Paris           | email: certsvp@renater.fr     +
          =========================================================

