CVE-2009-0255 - OpenCVE

The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Typo3	Typo3

Configuration 1 [-]

OR	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::
	cpe:2.3:a:typo3:typo3::::::::

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*

References

Link	Resource
http://secunia.com/advisories/33617	Broken Link Vendor Advisory
http://secunia.com/advisories/33679	Broken Link Vendor Advisory
http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/	Vendor Advisory
http://www.debian.org/security/2009/dsa-1711	Mailing List
http://www.securityfocus.com/bid/33376	Broken Link Third Party Advisory VDB Entry
https://exchange.xforce.ibmcloud.com/vulnerabilities/48132	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-01-22T23:00:00

Updated: 2017-08-07T12:57:01

Reserved: 2009-01-22T00:00:00

Link: CVE-2009-0255

JSON object: View

NVD Information

Status : Analyzed

Published: 2009-01-22T23:30:00.203

Modified: 2024-02-14T16:10:04.203

Link: CVE-2009-0255

JSON object: View

Redhat Information

No data.

CWE

CWE-330

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-21T00:00:00", "descriptions": [{"lang": "en", "value": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"}, {"name": "33617", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33617"}, {"name": "DSA-1711", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2009/dsa-1711"}, {"name": "typo3-installtool-weak-security(48132)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"}, {"name": "33376", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33376"}, {"name": "33679", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33679"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0255", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/", "refsource": "CONFIRM", "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"}, {"name": "33617", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33617"}, {"name": "DSA-1711", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2009/dsa-1711"}, {"name": "typo3-installtool-weak-security(48132)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"}, {"name": "33376", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33376"}, {"name": "33679", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33679"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0255", "datePublished": "2009-01-22T23:00:00", "dateReserved": "2009-01-22T00:00:00", "dateUpdated": "2017-08-07T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "FCD45EC2-1866-4CFC-B841-8B0B879B5565", "versionEndExcluding": "4.0.10", "versionStartIncluding": "4.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "EB66C8C2-1FAE-4C54-9284-A940CBEDBC00", "versionEndExcluding": "4.1.8", "versionStartIncluding": "4.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*", "matchCriteriaId": "BBFEC718-5811-4B4D-96CF-A37488974D4A", "versionEndExcluding": "4.2.4", "versionStartIncluding": "4.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:4.0:*:*:*:*:*:*:*", "matchCriteriaId": "0F92AB32-E7DE-43F4-B877-1F41FA162EC7", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The System extension Install tool in TYPO3 4.0.0 through 4.0.9, 4.1.0 through 4.1.7, and 4.2.0 through 4.2.3 creates the encryption key with an insufficiently random seed, which makes it easier for attackers to crack the key."}, {"lang": "es", "value": "La herramienta de instalaci\u00f3n de extensiones del sistema en TYPO3 v4.0.9 a v4.0.0, v4.1.0 a v4.1.7, v4.2.0 y v4.2.3 crea la clave de encriptaci\u00f3n con una insuficiente aleatoriedad en la semilla, lo que facilita craquear la clave a los atacantes."}], "id": "CVE-2009-0255", "lastModified": "2024-02-14T16:10:04.203", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2009-01-22T23:30:00.203", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/33617"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Vendor Advisory"], "url": "http://secunia.com/advisories/33679"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://typo3.org/teams/security/security-bulletins/typo3-sa-2009-001/"}, {"source": "cve@mitre.org", "tags": ["Mailing List"], "url": "http://www.debian.org/security/2009/dsa-1711"}, {"source": "cve@mitre.org", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/33376"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48132"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-330"}], "source": "nvd@nist.gov", "type": "Primary"}]}