Mandriva Update For Perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in perl-CGI-Simple: The multipart_init function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier uses a hardcoded value of the MIME boundary string in multipart/x-mixed-replace content, which allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via crafted input that contains this value, a different vulnerability than CVE-2010-3172 (CVE-2010-2761). The updated packages have been patched to correct this issue.

Affected

perl-CGI-Simple on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2010-2761, CVE-2010-3172

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:163 (tomcat5)
Mandrake Security Advisory MDVSA-2009:043 (gnumeric)
Mandrake Security Advisory MDVSA-2009:167 (php)
Mandrake Security Advisory MDVSA-2009:080 (glib2.0)
Mandrake Security Advisory MDVSA-2009:172 (dhcp)

Mandriva Update for perl-CGI-Simple MDVSA-2010:250 (perl-CGI-Simple)

Take action and discover your vulnerabilities