Debian Security Advisory DSA 1439-1 (typo3-src) Network Vulnerability

Summary

The remote host is missing an update to typo3-src announced via advisory DSA 1439-1.

Solution

https://secure1.securityspace.com/smysecure/catid.html?in=DSA%201439-1

Insight

Henning Pingel discovered that TYPO3, a web content management framework, performs insufficient input sanitising, making it vulnerable to SQL injection by logged-in backend users. For the stable distribution (etch), this problem has been fixed in version typo3-src 4.0.2+debian-4. The old stable distribution (sarge) doesn't contain typo3-src. For the unstable distribution (sid) and for the testing distribution (lenny), this problem has been fixed in version 4.1.5-1. We recommend that you upgrade your typo3-src packages.

Severity

Classification

CVE CVE-2007-6381

CVSS	Base Score: 6.5 AV:N/AC:L/Au:S/C:P/I:P/A:P

Related Vulnerabilities

Debian Security Advisory DSA 1155-2 (sendmail)
Debian Security Advisory DSA 1014-1 (firebird2)
Debian Security Advisory DSA 1081-1 (libextractor)
Debian Security Advisory DSA 1059-1 (quagga)
Debian Security Advisory DSA 086-1 (ssh-nonfree, ssh-socks)

Take action and discover your vulnerabilities