HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded files name after the first . character as the suffix of a temporary file, which makes it easier for remote attackers to conduct attacks by leveraging subsequent behavior that may assume the suffix is well-formed.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Http-body | Http-body_project | * | 1.17 (including) |
| Http-body | Http-body_project | 0.01 (including) | 0.01 (including) |
| Http-body | Http-body_project | 0.2 (including) | 0.2 (including) |
| Http-body | Http-body_project | 0.03 (including) | 0.03 (including) |
| Http-body | Http-body_project | 0.4 (including) | 0.4 (including) |
| Http-body | Http-body_project | 0.5 (including) | 0.5 (including) |
| Http-body | Http-body_project | 0.6 (including) | 0.6 (including) |
| Http-body | Http-body_project | 0.7 (including) | 0.7 (including) |
| Http-body | Http-body_project | 0.8 (including) | 0.8 (including) |
| Http-body | Http-body_project | 0.9 (including) | 0.9 (including) |
| Http-body | Http-body_project | 1.00 (including) | 1.00 (including) |
| Http-body | Http-body_project | 1.01 (including) | 1.01 (including) |
| Http-body | Http-body_project | 1.02 (including) | 1.02 (including) |
| Http-body | Http-body_project | 1.03 (including) | 1.03 (including) |
| Http-body | Http-body_project | 1.04 (including) | 1.04 (including) |
| Http-body | Http-body_project | 1.05 (including) | 1.05 (including) |
| Http-body | Http-body_project | 1.06 (including) | 1.06 (including) |
| Http-body | Http-body_project | 1.07 (including) | 1.07 (including) |
| Http-body | Http-body_project | 1.08 (including) | 1.08 (including) |
| Http-body | Http-body_project | 1.09 (including) | 1.09 (including) |
| Http-body | Http-body_project | 1.10 (including) | 1.10 (including) |
| Http-body | Http-body_project | 1.11 (including) | 1.11 (including) |
| Http-body | Http-body_project | 1.12 (including) | 1.12 (including) |
| Http-body | Http-body_project | 1.14 (including) | 1.14 (including) |
| Http-body | Http-body_project | 1.15 (including) | 1.15 (including) |
| Http-body | Http-body_project | 1.16 (including) | 1.16 (including) |
| Libhttp-body-perl | Ubuntu | lucid | * |
| Libhttp-body-perl | Ubuntu | precise | * |
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634
- http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git%3Ba=commit%3Bh=13ac5b23c083bc56e32dd706ca02fca292bd2161
- http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git%3Ba=commit%3Bh=cc75c886256f187cda388641931e8dafad6c2346
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00018.html
- http://www.debian.org/security/2013/dsa-2801
- http://www.openwall.com/lists/oss-security/2024/04/07/1
- https://metacpan.org/release/GETTY/HTTP-Body-1.23/
- https://www.openwall.com/lists/oss-security/2024/04/07/1
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=721634
- http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git%3Ba=commit%3Bh=13ac5b23c083bc56e32dd706ca02fca292bd2161
- http://git.shadowcat.co.uk/gitweb/gitweb.cgi?p=catagits/HTTP-Body.git%3Ba=commit%3Bh=cc75c886256f187cda388641931e8dafad6c2346
- http://lists.opensuse.org/opensuse-security-announce/2014-03/msg00018.html
- http://www.debian.org/security/2013/dsa-2801
- http://www.openwall.com/lists/oss-security/2024/04/07/1
- https://metacpan.org/release/GETTY/HTTP-Body-1.23/
- https://www.openwall.com/lists/oss-security/2024/04/07/1