Vigil@nce - Perl CGI: two vulnerabilities
December 2010 by Vigil@nce
This bulletin was written by Vigil@nce : http://vigilance.fr/
SYNTHESIS OF THE VULNERABILITY
An attacker can combine two vulnerabilities of Perl CGI or
CGI::Simple, in order to inject data in a script.
Severity: 2/4
Creation date: 02/12/2010
DESCRIPTION OF THE VULNERABILITY
The Perl CGI and CGI::Simple modules provide features for web
server scripts. They are impacted by two vulnerabilities.
The multipart_init() function generates constant ("---------
=_aaaaaaaaaa0") MIME boundaries for the "multipart/x-mixed-replace"
type. An attacker does not need to guess them. [severity:1/4;
BID-45144]
An attacker can inject linefeeds in HTTP headers. By injecting a
fake "multipart/x-mixed-replace" header, attacker’s data is
interpreted as valid. [severity:2/4; BID-45145, CVE-2010-2761,
CVE-2010-3172, CVE-2010-4410, CVE-2010-4411]
An attacker can therefore combine two vulnerabilities of Perl CGI
or CGI::Simple, in order to inject data in a script.
ACCESS TO THE COMPLETE VIGIL@NCE BULLETIN
http://vigilance.fr/vulnerability/Perl-CGI-two-vulnerabilities-10171