=====================================================================
CERT-Renater Information Note No. 2011/VULN384
_____________________________________________________________________
DATE                 : 13/05/2011
HARDWARE PLATFORM(S) : /
OPERATING SYSTEM(S)  : Systems running powermail for TYPO3 Version 1.6.0, 1.6.1, 1.6.2.
======================================================================

http://typo3.org/teams/security/security-bulletins/typo3-sa-2011-004/
_______________________________________________________________________

TYPO3 Security Bulletin TYPO3-SA-2011-004: Blind SQL Injection vulnerability in extension "powermail" (powermail)

Release Date: May 11, 2011 (Version 1)
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: Version 1.6.0, 1.6.1 and 1.6.2
Vulnerability Type: Blind SQL Injection
Severity: Medium
Suggested CVSS v2.0: AV:N/AC:M/Au:S/C:P/I:N/A:N/E:F/RL:OF/RC:C

Problem Description: Because the extension fails to properly sanitize user-supplied input, it is open to Blind SQL Injection attacks. The vulnerabilities allow website editors to inject arbitrary code into database queries. Exploiting this flaw requires TYPO3 editor permissions and granted access to the powermail administration module.

Solution: An updated version 1.6.3 is available from the TYPO3 extension manager and at http://typo3.org/extensions/repository/view/powermail/1.6.3/. Users of the extension are advised to update the extension as soon as possible.

Update (May 11): Contrary to the initial version of the bulletin, the vulnerability only affects extension versions 1.6.X, whereas version 1.6.3 fixes the issue.

Credits: Credits go to the powermail team, who discovered and fixed the issue.

General advice: Follow the recommendations that are given in the TYPO3 Security Cookbook. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.
======================================================================
=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel : 01-53-94-20-44       +
+ 23 - 25 Rue Daviel  | fax : 01-53-94-20-41       +
+ 75013 Paris         | email: certsvp@renater.fr  +
=========================================================