lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - perl-libwww-perl: multiple HTTP client download filename vulnerability [OCERT 2010-001] (CVE-2010-2253)

  - perl-libwww-perl: no hostname check against SSL certificate name by default (CVE-2011-0633)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - perl-libwww-perl: multiple HTTP client download filename vulnerability [OCERT 2010-001] (CVE-2010-2253)

  - perl-libwww-perl: no hostname check against SSL certificate name by default (CVE-2011-0633)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 3 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched.

  - perl-libwww-perl: multiple HTTP client download filename vulnerability [OCERT 2010-001] (CVE-2010-2253)

Note that Nessus has not tested for this issue but has instead relied on the package manager's report that the package is installed.

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched.

  - perl-libwww-perl: multiple HTTP client download filename vulnerability [OCERT 2010-001] (CVE-2010-2253)

  - perl-libwww-perl: no hostname check against SSL certificate name by default (CVE-2011-0633)

Note that Nessus has not tested for these issues but has instead relied on the package manager's report that the package is installed.

The remote host is affected by the vulnerability described in GLSA-201402-04 (libwww-perl: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in libwww-perl. Please       review the CVE identifiers referenced below for details.
  Impact :

    A remote attacker could entice a user to download a specially crafted       file with an application linked against libwww-perl, which could result       in overwritten files or arbitrary code execution by writing to a dotfile       in the user&rsquo;s home directory (such as .bashrc). Additionally, a remote       attacker could perform a Man-in-the-Middle attack.
  Workaround :

    There is no known workaround at this time.

Fix broken package dependencies CVE-2010-2253 lwp-download now needs the -s option to honor the Content-Disposition header CVE-2010-2253 lwp-download now needs the -s option to honor the Content-Disposition header

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

It was discovered that libwww-perl incorrectly filtered filenames suggested by Content-Disposition headers. If a user were tricked into downloading a file from a malicious site, a remote attacker could overwrite hidden files in the user's directory.

Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

A vulnerability has been found and corrected in perl-libwww-perl :

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a . (dot) character, which allows remote servers to create or overwrite files via (1) a 3xx redirect to a URL with a crafted filename or (2) a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory (CVE-2010-2253).

Packages for 2008.0 and 2009.0 are provided as of the Extended Maintenance Program. Please visit this link to learn more:
http://store.mandriva.com/product_info.php?cPath=149&amp;products_id=4 90

The updated packages have been patched to correct this issue.

lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a `.' (dot) character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

ID	Name	Product	Family	Severity
199120	RHEL 6 : perl-libwww-perl (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	medium
199058	RHEL 5 : perl-libwww-perl (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	medium
199053	RHEL 3 : perl-libwww-perl (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	high
199017	RHEL 4 : perl-libwww-perl (Unpatched Vulnerability)	Nessus	Red Hat Local Security Checks	medium
72314	GLSA-201402-04 : libwww-perl: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	medium
50455	Fedora 13 : perl-libwww-perl-5.837-2.fc13 (2010-15532)	Nessus	Fedora Local Security Checks	medium
50454	Fedora 14 : perl-libwww-perl-5.837-2.fc14 (2010-15405)	Nessus	Fedora Local Security Checks	medium
49066	Ubuntu 6.06 LTS / 8.04 LTS / 9.04 / 9.10 / 10.04 LTS : libwww-perl vulnerability (USN-981-1)	Nessus	Ubuntu Local Security Checks	medium
49064	Mandriva Linux Security Advisory : perl-libwww-perl (MDVSA-2010:167)	Nessus	Mandriva Local Security Checks	medium
49062	FreeBSD : p5-libwww -- possibility to remote servers to create file with a .(dot) character (3a7c5fc4-b50c-11df-977b-ecc31dd8ad06)	Nessus	FreeBSD Local Security Checks	medium

Detections

Analytics

CVE-2010-2253

high

Tenable Plugins

medium

medium

high

medium

medium

medium

medium

medium

medium

medium