Mandriva Update For Perl-CGI-Simple MDVSA-2010:252 (perl-CGI-Simple) Network Vulnerability

Solution

Please Install the Updated Packages.

Insight

A vulnerability was discovered and corrected in perl-CGI-Simple: CRLF injection vulnerability in the header function in (1) CGI.pm before 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via vectors related to non-whitespace characters preceded by newline characters, a different vulnerability than CVE-2010-2761 and CVE-2010-3172 (CVE-2010-4410). The updated packages have been patched to correct this issue.

Affected

perl-CGI-Simple on Mandriva Enterprise Server 5, Mandriva Enterprise Server 5/X86_64

Severity

Classification

CVE CVE-2010-2761, CVE-2010-3172, CVE-2010-4410

CVSS	Base Score: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

Related Vulnerabilities

Mandrake Security Advisory MDVSA-2009:120 (openssl)
Mandrake Security Advisory MDVSA-2009:046 (dia)
Mandrake Security Advisory MDVSA-2009:174 (perl-Compress-Raw-Zlib)
Mandrake Security Advisory MDVSA-2009:176 (git)
Mandrake Security Advisory MDVSA-2009:180 (compface)

Mandriva Update for perl-CGI-Simple MDVSA-2010:252 (perl-CGI-Simple)

Take action and discover your vulnerabilities