oss-sec mailing list archives

Re: CVE Request -- Dancer.pm / perl-Dancer / libdancer-perl: Newline injection due to improper CRLF escaping in cookie() and cookies() methods (different vulnerability than CVE-2012-5526)


From: Kurt Seifried <kseifried () redhat com>
Date: Mon, 26 Nov 2012 11:43:18 -0700


On 11/26/2012 11:06 AM, Jan Lieskovsky wrote:
> Hello Kurt, Steve, vendors,
>
>   a security flaw was found in the way Dancer.pm,
> lightweight yet powerful web application framework
> / Perl language module, performed sanitization of
> values to be used for cookie() and cookies() methods.
> A remote attacker could use this flaw to inject arbitrary
> headers into responses from (Perl) applications, that use
> Dancer.pm. A different vulnerability than CVE-2012-5526.
>
> References:
> [1] http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=694279
> [2] https://github.com/sukria/Dancer/issues/859
> [3] https://bugzilla.redhat.com/show_bug.cgi?id=880329
>
> Could you allocate a CVE id for this?
>
> Thank you && Regards, Jan.
> --
> Jan iankko Lieskovsky / Red Hat Security Response Team
>
> P.S.: The issue is different / unrelated than similar
>       recent CGI.pm, CVE-2012-5526, flaw (the presence
>       / absence of the CGI.pm CVE-2012-5526 fix doesn't
>       have impact on it).


Please use CVE-2012-5572 for this issue.

- -- 
Kurt Seifried Red Hat Security Response Team (SRT)
PGP: 0x5E267993 A90B F995 7350 148F 66BF 7554 160D 4553 5E26 7993

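The class of flaw reported above (CR/LF reaching a Set-Cookie header through a cookie value), as an added illustration that is not part of the original thread and is not Dancer's code. The sub names, the sample value and the choice of percent-encoding as the mitigation are assumptions made for this example.

```perl
#!/usr/bin/perl
# Added illustration only; not Dancer's code. All sub names are hypothetical.
use strict;
use warnings;

# Naive serializer: the value goes into the header line unmodified,
# so a CR/LF pair inside it ends the Set-Cookie line early.
sub naive_set_cookie {
    my ($name, $value) = @_;
    return "Set-Cookie: $name=$value; path=/";
}

# Hardened serializer: the name must be a plain token, and every byte of
# the value outside a conservative safe set is percent-encoded, which
# covers CR, LF, ';', ',' and whitespace.
sub safe_set_cookie {
    my ($name, $value) = @_;
    die "invalid cookie name\n" unless $name =~ /\A[A-Za-z0-9_.-]+\z/;
    my $enc = $value;
    utf8::encode($enc);    # work on bytes so each ord() fits in %XX
    $enc =~ s/([^A-Za-z0-9_.~-])/sprintf('%%%02X', ord $1)/ge;
    return "Set-Cookie: $name=$enc; path=/";
}

# Count the header lines a receiver would see in the response head.
sub header_lines {
    my (@headers) = @_;
    my $head = join("\r\n", @headers) . "\r\n\r\n";
    my ($block) = split /\r\n\r\n/, $head, 2;
    my @lines = split /\r\n/, $block;
    return scalar @lines;
}

# Constructed sample input: a cookie value carrying an embedded CR/LF.
my $value = "abc\r\nX-Injected: 1";
my @base  = ('Content-Type: text/html');

printf "naive serializer: %d header lines\n",
    header_lines(@base, naive_set_cookie('session', $value));
printf "safe serializer:  %d header lines\n",
    header_lines(@base, safe_set_cookie('session', $value));
print safe_set_cookie('session', $value), "\n";
```

Two headers are passed in each case; a count above two from a serializer means the value was able to start a header line of its own.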

