Vulnerabilities > CVE-2013-4407 - Unspecified vulnerability in Http-Body Project Http-Body
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN http-body-project
nessus
Summary
HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
Vulnerable Configurations
Nessus
NASL family SuSE Local Security Checks NASL id OPENSUSE-2014-247.NASL description perl-HTTP-Body was updated to 1.19 and also received a security fix for a potential remote code injection when upload files. last seen 2020-06-05 modified 2014-06-13 plugin id 75305 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/75305 title openSUSE Security Update : perl-HTTP-Body (openSUSE-SU-2014:0433-1) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from openSUSE Security Update openSUSE-2014-247. # # The text description of this plugin is (C) SUSE LLC. # include("compat.inc"); if (description) { script_id(75305); script_version("1.4"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2013-4407"); script_bugtraq_id(62875); script_name(english:"openSUSE Security Update : perl-HTTP-Body (openSUSE-SU-2014:0433-1)"); script_summary(english:"Check for the openSUSE-2014-247 patch"); script_set_attribute( attribute:"synopsis", value:"The remote openSUSE host is missing a security update." ); script_set_attribute( attribute:"description", value: "perl-HTTP-Body was updated to 1.19 and also received a security fix for a potential remote code injection when upload files." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=844951" ); script_set_attribute( attribute:"see_also", value:"https://lists.opensuse.org/opensuse-updates/2014-03/msg00082.html" ); script_set_attribute( attribute:"solution", value:"Update the affected perl-HTTP-Body package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-HTTP-Body"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:12.3"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1"); script_set_attribute(attribute:"patch_publication_date", value:"2014/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE"); if (release !~ "^(SUSE12\.3|SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "12.3 / 13.1", release); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if ( rpm_check(release:"SUSE12.3", reference:"perl-HTTP-Body-1.19-4.4.1") ) flag++; if ( rpm_check(release:"SUSE13.1", reference:"perl-HTTP-Body-1.19-2.4.1") ) flag++; if (flag) { if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get()); else security_warning(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-HTTP-Body"); }NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-282.NASL description Updated perl-HTTP-Body package fixes security vulnerability : Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart could potentially execute commands on the server if these temporary filenames are used in subsequent commands without further checks (CVE-2013-4407). last seen 2020-06-01 modified 2020-06-02 plugin id 71091 published 2013-11-26 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71091 title Mandriva Linux Security Advisory : perl-HTTP-Body (MDVSA-2013:282) NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2801.NASL description Jonathan Dolle reported a design error in HTTP::Body, a Perl module for processing data from HTTP POST requests. The HTTP body multipart parser creates temporary files which preserve the suffix of the uploaded file. An attacker able to upload files to a service that uses HTTP::Body::Multipart could potentially execute commands on the server if these temporary filenames are used in subsequent commands without further checks. This update restricts the possible suffixes used for the created temporary files. The oldstable distribution (squeeze) is not affected by this problem. last seen 2020-03-17 modified 2013-11-22 plugin id 71025 published 2013-11-22 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/71025 title Debian DSA-2801-1 : libhttp-body-perl - design error
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634
- http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git%3Ba=commit%3Bh=13ac5b23c083bc56e32dd706ca02fca292bd2161
- http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git%3Ba=commit%3Bh=13ac5b23c083bc56e32dd706ca02fca292bd2161
- http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git%3Ba=commit%3Bh=cc75c886256f187cda388641931e8dafad6c2346
- http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git%3Ba=commit%3Bh=cc75c886256f187cda388641931e8dafad6c2346
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00018.html
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00018.html
- http://www.debian.org/security/2013/dsa-2801
- http://www.debian.org/security/2013/dsa-2801
- http://www.openwall.com/lists/oss-security/2024/04/07/1
- http://www.openwall.com/lists/oss-security/2024/04/07/1
- https://metacpan.org/release/GETTY/HTTP-Body-1.23/
- https://metacpan.org/release/GETTY/HTTP-Body-1.23/
- https://www.openwall.com/lists/oss-security/2024/04/07/1
- https://www.openwall.com/lists/oss-security/2024/04/07/1