877015 – (CVE-2012-5526) CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers

Bug 877015 (CVE-2012-5526) - CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Set-Cookie and P3P headers

Summary: CVE-2012-5526 perl-CGI: Newline injection due to improper CRLF escaping in Se...

Keywords:
Status:	CLOSED ERRATA
Alias:	CVE-2012-5526
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:	876974 915690 915691 915692 915693
Blocks:	877037
TreeView+	depends on / blocked

Reported:	2012-11-15 14:37 UTC by Jan Lieskovsky
Modified:	2019-09-29 12:57 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2013-03-26 20:01:37 UTC
Embargoed:

Attachments	(Terms of Use)
Upstream fix (2.80 KB, patch) 2012-11-16 08:56 UTC, Petr Pisar	no flags	Details \| Diff
Fix ported to perl-5.10.1 (3.22 KB, patch) 2013-03-04 11:25 UTC, Petr Pisar	no flags	Details \| Diff
Fix ported to perl-5.8.8 (2.41 KB, patch) 2013-03-04 15:44 UTC, Petr Pisar	no flags	Details \| Diff
View All

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHSA-2013:0685	0	normal	SHIPPED_LIVE	Moderate: perl security update	2013-03-26 23:26:59 UTC

Description Jan Lieskovsky 2012-11-15 14:37:53 UTC

A security flaw was found in the way CGI.pm, a Perl module to handle Common Gateway Interface requests and responses, performed sanitization of values to be used for Set-Cookie and P3P headers. If a Perl CGI.pm module based CGI application reused cookies values and accepted untrusted input from web browser(s), a remote attacker could use this flaw to in an unauthorized way alter member items of the cookie or add new items.

References:
[1] http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
[2] https://github.com/markstos/CGI.pm/pull/23
[3] https://bugzilla.redhat.com/show_bug.cgi?id=876974

Comment 1 Jan Lieskovsky 2012-11-15 14:41:33 UTC

This issue affects the versions of the perl-CGI package, as shipped with Fedora release of 16 and 17. Please schedule an update.

Comment 2 Jan Lieskovsky 2012-11-15 14:49:09 UTC

CVE Request:
[4] http://www.openwall.com/lists/oss-security/2012/11/15/4

Comment 3 Jan Lieskovsky 2012-11-15 15:07:46 UTC

This issue affects the versions of the perl package, as shipped with Red Hat Enterprise Linux 5 and 6.

Comment 4 Vincent Danen 2012-11-15 21:47:02 UTC

This was assigned CVE-2012-5526:

http://www.openwall.com/lists/oss-security/2012/11/15/6

Comment 5 Petr Pisar 2012-11-16 08:56:43 UTC

Created attachment 646250 [details]
Upstream fix

Comment 6 Tomas Hoger 2012-11-16 09:25:24 UTC

Upstream commits:

https://github.com/markstos/CGI.pm/commit/80f44433a43b51e5851218a08f6920adfb91991a
https://github.com/markstos/CGI.pm/commit/7bb474c5b308cf93298f96923280aa82a4a195ec

Comment 9 Fedora Update System 2012-11-23 07:54:17 UTC

perl-CGI-3.51-10.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 10 Fedora Update System 2012-11-28 11:36:19 UTC

perl-CGI-3.51-7.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2012-12-12 00:28:17 UTC

perl-CGI-3.59-235.fc18, perl-5.16.2-235.fc18 has been pushed to the Fedora 18 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 12 Fedora Update System 2012-12-13 05:54:57 UTC

perl-CGI-3.52-218.fc17, perl-5.14.3-218.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 13 Fedora Update System 2012-12-18 02:24:45 UTC

perl-CGI-3.52-203.fc16, perl-5.14.3-203.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 15 Petr Pisar 2013-03-04 11:25:13 UTC

Created attachment 704881 [details]
Fix ported to perl-5.10.1

Comment 16 Petr Pisar 2013-03-04 15:44:54 UTC

Created attachment 705046 [details]
Fix ported to perl-5.8.8

Comment 17 errata-xmlrpc 2013-03-26 19:27:38 UTC

This issue has been addressed in following products:

  Red Hat Enterprise Linux 5
  Red Hat Enterprise Linux 6

Via RHSA-2013:0685 https://rhn.redhat.com/errata/RHSA-2013-0685.html

Note You need to log in before you can comment on or make changes to this bug.