Mandriva Linux Security Advisory : perl-HTTP-Body (MDVSA-2013:282)

This script is Copyright (C) 2013 Tenable Network Security, Inc.


Synopsis :

The remote Mandriva Linux host is missing a security update.

Description :

Updated perl-HTTP-Body package fixes a security vulnerability :

Jonathan Dolle reported a design error in HTTP::Body, a Perl module
for processing data from HTTP POST requests. The HTTP body multipart
parser creates temporary files which preserve the suffix of the
uploaded file. An attacker able to upload files to a service that uses
HTTP::Body::Multipart could potentially execute commands on the server
if these temporary filenames are used in subsequent commands without
further checks (CVE-2013-4407).
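
One way a consuming application can avoid relying on the parser's temporary filename, shown as an added example that is not part of the advisory or of HTTP::Body. It assumes an upload record with the `tempname`, `filename` and `size` keys that HTTP::Body exposes for uploads; `quarantine_upload`, `run_on_file` and the extension allow-list are hypothetical names, and the sample upload is constructed.

```perl
use strict;
use warnings;
use File::Copy qw(copy);
use File::Temp qw(tempdir tempfile);

# Extensions the application is willing to keep (assumption: set per service).
my %ALLOWED_EXT = map { $_ => 1 } qw(txt png jpg pdf);

# Store an upload under a server-generated name; never reuse the parser's temp name.
sub quarantine_upload {
    my ($upload, $spool_dir) = @_;
    my $src = $upload->{tempname};
    die "temp file missing\n" unless defined $src && -f $src && !-l $src;

    # Accept the extension only if the name ends in a purely alphanumeric,
    # allow-listed suffix; anything else is stored as ".bin".
    my ($ext) = $src =~ /\.([A-Za-z0-9]{1,8})\z/;
    $ext = (defined $ext && $ALLOWED_EXT{lc $ext}) ? lc $ext : 'bin';

    my ($fh, $dst) = tempfile('upload_XXXXXXXX', DIR => $spool_dir, SUFFIX => ".$ext");
    copy($src, $fh) or die "copy failed: $!\n";
    close $fh or die "close failed: $!\n";
    return $dst;
}

# List-form system with an explicit program: no shell ever parses the path.
sub run_on_file {
    my ($path, @cmd) = @_;
    return system { $cmd[0] } @cmd, $path;
}

# Constructed sample: a temp file whose preserved suffix is not a plain extension.
my $dir = tempdir(CLEANUP => 1);
my ($tfh, $tmp) = tempfile(DIR => $dir, SUFFIX => '.txt; echo x');
print {$tfh} "hello\n";
close $tfh or die "close failed: $!\n";
my $upload = { filename => 'notes.txt; echo x', tempname => $tmp, size => -s $tmp };
my $safe = quarantine_upload($upload, $dir);
print "stored as $safe\n";    # ends in ".bin": the untrusted suffix was dropped
run_on_file($safe, $^X, '-e', 'print((-s $ARGV[0]) . " bytes\n")') == 0
    or die "command failed\n";
```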

See also :

http://advisories.mageia.org/MGASA-2013-0352.html

Solution :

Update the affected perl-HTTP-Body package.

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.9
(CVSS2#E:ND/RL:OF/RC:ND)
Public Exploit Available : true

Family: Mandriva Local Security Checks

Nessus Plugin ID: 71091

Bugtraq ID: 62875

CVE ID: CVE-2013-4407
