PublicDateAtUSN: 2010-12-06
Candidate: CVE-2010-4410
PublicDate: 2010-12-06 20:13:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4410
 http://cpansearch.perl.org/src/LDS/CGI.pm-3.50/Changes
 http://openwall.com/lists/oss-security/2010/12/01/1
 https://ubuntu.com/security/notices/USN-1129-1
Description:
 CRLF injection vulnerability in the header function in (1) CGI.pm before
 3.50 and (2) Simple.pm in CGI::Simple 1.112 and earlier allows remote
 attackers to inject arbitrary HTTP headers and conduct HTTP response
 splitting attacks via vectors related to non-whitespace characters preceded
 by newline characters, a different vulnerability than CVE-2010-2761 and
 CVE-2010-3172.
Ubuntu-Description:
Notes:
 mdeslaur> debian fix in perl is cgi-multiline-header.diff
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606370 (libcgi-pm-perl)
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606379 (libcgi-simple-perl)
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=606995 (perl)
Priority: medium
Discovered-by:
Assigned-to:
CVSS:

Patches_libcgi-pm-perl:
 upstream: http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1
upstream_libcgi-pm-perl: released (3.50-1)
dapper_libcgi-pm-perl: DNE
hardy_libcgi-pm-perl: DNE
karmic_libcgi-pm-perl: ignored (reached end-of-life)
lucid_libcgi-pm-perl: ignored (reached end-of-life)
maverick_libcgi-pm-perl: ignored (reached end-of-life)
natty_libcgi-pm-perl: not-affected (3.50-1)
oneiric_libcgi-pm-perl: not-affected (3.50-1)
precise_libcgi-pm-perl: not-affected (3.50-1)
quantal_libcgi-pm-perl: not-affected (3.50-1)
raring_libcgi-pm-perl: not-affected (3.50-1)
saucy_libcgi-pm-perl: not-affected (3.50-1)
devel_libcgi-pm-perl: not-affected (3.50-1)

Patches_libcgi-simple-perl:
upstream_libcgi-simple-perl: released (1.111-2)
dapper_libcgi-simple-perl: ignored (reached end-of-life)
hardy_libcgi-simple-perl: ignored (reached end-of-life)
karmic_libcgi-simple-perl: ignored (reached end-of-life)
lucid_libcgi-simple-perl: ignored (reached end-of-life)
maverick_libcgi-simple-perl: ignored (reached end-of-life)
natty_libcgi-simple-perl: not-affected (1.111-2)
oneiric_libcgi-simple-perl: not-affected (1.111-2)
precise_libcgi-simple-perl: not-affected (1.111-2)
quantal_libcgi-simple-perl: not-affected (1.111-2)
raring_libcgi-simple-perl: not-affected (1.111-2)
saucy_libcgi-simple-perl: not-affected (1.111-2)
devel_libcgi-simple-perl: not-affected (1.111-2)

Patches_perl:
 upstream: http://perl5.git.perl.org/perl.git/commit/84601d63a7e34958da47dad1e61e27cb3bd467d1
upstream_perl: released (5.10.1-17)
dapper_perl: released (5.8.7-10ubuntu1.3)
hardy_perl: released (5.8.8-12ubuntu0.5)
karmic_perl: ignored (reached end-of-life)
lucid_perl: released (5.10.1-8ubuntu2.1)
maverick_perl: released (5.10.1-12ubuntu2.1)
natty_perl: not-affected (5.10.1-17ubuntu1)
oneiric_perl: not-affected (5.10.1-17ubuntu1)
precise_perl: not-affected (5.10.1-17ubuntu1)
quantal_perl: not-affected (5.10.1-17ubuntu1)
raring_perl: not-affected (5.10.1-17ubuntu1)
saucy_perl: not-affected (5.10.1-17ubuntu1)
devel_perl: not-affected (5.10.1-17ubuntu1)