| Summary: | CVE-2011-2766: perl fcgi module does not properly clean up certain environment variables between subsequent requests | ||
|---|---|---|---|
| Product: | Mageia | Reporter: | Nicolas Vigier <boklm> |
| Component: | Security | Assignee: | QA Team <qa-bugs> |
| Status: | RESOLVED FIXED | QA Contact: | |
| Severity: | normal | ||
| Priority: | Normal | CC: | dmorganec, jquelin, stormi-mageia, sysadmin-bugs |
| Version: | 1 | Keywords: | validated_update |
| Target Milestone: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Source RPM: | perl-FCGI | CVE: | |
| Status comment: | |||
| Attachments: | Test fast cgi | ||
|
Description
Nicolas Vigier
2011-09-13 17:04:15 CEST
Manuel Hiebel
2011-09-17 23:47:09 CEST
Assignee:
bugsquad =>
jquelin perl-FCGI 0.74 available in cauldron & in mageia 1 core/updates_testing CC:
(none) =>
jquelin This is quite specialised and difficult to QA. Could you provide some testing procedures for this one please. Thankyou. claire, i don't really know how to test this specific bug. maybe by checking the link in comment 0? The package is perl-FCGI-0.740.0-1.mga1. According to updates policy it should be perl-FCGI-0.740.0-1.1.mga1, as every update should have a subrel (I know, it can be argued, but it's the policy as it has been chosen after public discussion). It will be hard to test the security fix so I think we must just test that we can make use of this package. Does someone have a good and quick howto to follow in order to use it? CC:
(none) =>
stormi Created attachment 918 [details] Test fast cgi Testing complete on i586. Using the example from http://www.fastcgi.com/devkit/doc/fastcgi-prog-guide/ch3perl.htm The attachment should be saved in /var/www/cgi-bin as fcgi.cgi. Also, chmod a+x fcgi.cgi When loading http://127.0.0.1/cgi-bin/fcgi.cgi it shows ... FastCGI Demo Page (perl) This is coming from a FastCGI server. Running on 127.0.0.1 to This is connection number 1 Saved the day again Dave! Tested x86_64. Update validated. Advisory: ------------------ It was found that the perl Fast CGI module did not properly clean up certain environment variables, related to a particular HTTP request, between subsequent incoming requests. Any environment variable set in the first pass through the code by processing the first request, that wasn't set in some subsequent request, has been added to the hash containing environment variables for that subsequent request. A remote attacker could use this flaw to bypass the authentication process and obtain access to resources, which would be otherwise protected by authentication. Debian bug report : http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=607479 On redhat bugzilla : https://bugzilla.redhat.com/show_bug.cgi?id=736604 Upstream bug report : https://rt.cpan.org/Public/Bug/Display.html?id=68380 -------------------- SRPM: perl-FCGI-0.740.0-1.mga1.src.rpm Could sysadmin please push from core/updates_testing to core/updates Thankyou! Keywords:
(none) =>
validated_update update pushed. Status:
NEW =>
RESOLVED |