CERT/CC Vulnerability Note VU#246409

Overview

A vulnerability in the Common Gateway Interface (CGI) Perl module may allow an attacker to mount a cross-site scripting attack against a vulnerable system.

Description

The Common Gateway Interface, or CGI, is a standard for external gateway programs to interface with information servers such as HTTP servers. The standard Perl distribution and many vendor's repackaged Perl systems include a CGI library known as CGI.pm. This module offers a set of functions for creating fill-out forms, among other things.

Some versions of the CGI.pm module contain a vulnerability in handling of the action in the start_form() and start_multipart_form() functions. When the action for the form is not specified, a default based on the user-supplied URL is used. Because the value of this expression is not sanitized by the module before processing and contains user-supplied data or data received from untrustworthy sources, a remote attacker may be able to inject HTML or malicious script. A user of the vulnerable site or web application may then be tricked into interpreting the HTML or executing the script in a situation where they normally might not.

Impact

The victim will be presented with information that the vulnerable site did not wish their visitors to be subjected to. This could be used to "sniff" sensitive data from within the web page, including passwords, credit card numbers, and any arbitrary information the user inputs. This exploitation vector is commonly referred to as a cross-site scripting attack.

Solution

Apply a patch from the vendor

Versions 2.94 and later of the CGI.pm module contain a fix for this vulnerability. Please see the vendor section of this document for further details.

Vendor Information

246409

Filter by status:

Filter by content: Additional information available

Sort by:

Expand all

Conectiva Affected

Debian Affected

Lincoln Stein Affected

MandrakeSoft Affected

OpenBSD Affected

OpenPKG Affected

Red Hat Inc. Affected

SCO Affected

Updated: November 13, 2003

Status

Affected

Vendor Statement

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1

______________________________________________________________________________

SCO Security Advisory

Subject:OpenServer 5.0.7 OpenServer 5.0.6 OpenServer 5.0.5 : Perl cross-site scripting vulnerability. Advisory number: CSSA-2003-SCO.30 Issue date: 2003 November 06 Cross reference:sr883606 fz528215 erg712409 ______________________________________________________________________________

1. Problem Description

Perl is a high-level interpreted programming language well known for its flexibility and ability to work with text streams.

Obscure^ (obscure@eyeonsecurity.org) reported a cross site scripting vulnerability in the CGI.pm perl module. This module is used to facilitate the creation of web forms and is part of the perl-modules RPM package.

2. Vulnerable Supported Versions

SystemBinaries ---------------------------------------------------------------------- OpenServer 5.0.7 Perl distribution OpenServer 5.0.6Perl distribution OpenServer 5.0.5 Perl distribution

3. Solution

The proper solution is to install the latest packages.

4. OpenServer 5.0.7 4.1 First install Maintenance Pack 1 ftp://ftp.sco.com/pub/openserver5/507/osr507mp/

4.2 Next install gxwlibs

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.29

4.2 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.30

4.3 Verification

MD5 (VOL.000.000) = af4167c4c52e3af6dcc94289807b008e MD5 (VOL.000.001) = 2129b31fbde991c7ecdba826de8fc4b1 MD5 (VOL.000.002) = a6ee80a4f937f985dbe4eb247e98d350 MD5 (VOL.000.003) = b84437579b43fa8cc57ff8936490543d

md5 is available for download from ftp://ftp.sco.com/pub/security/tools

4.4 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the VOL* files to the /tmp directory

2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.

5. OpenServer 5.0.6 / OpenServer 5.0.5

5.1 First install OSS646B - Execution Environment Supplement ftp://ftp.sco.com/pub/openserver5/oss646b

5.2 Next install gwxlibs

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.29

5.3 Location of Fixed Binaries

ftp://ftp.sco.com/pub/updates/OpenServer/CSSA-2003-SCO.30

5.4 Verification

MD5 (VOL.000.000) = af4167c4c52e3af6dcc94289807b008e MD5 (VOL.000.001) = 2129b31fbde991c7ecdba826de8fc4b1 MD5 (VOL.000.002) = a6ee80a4f937f985dbe4eb247e98d350 MD5 (VOL.000.003) = b84437579b43fa8cc57ff8936490543d

md5 is available for download from ftp://ftp.sco.com/pub/security/tools

5.5 Installing Fixed Binaries

Upgrade the affected binaries with the following sequence:

1) Download the VOL* files to the /tmp directory

2) Run the custom command, specify an install from media images, and specify the /tmp directory as the location of the images.

6. References

Specific references for this advisory: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2003-0615 http://marc.theaimsgroup.com/?l=bugtraq&m=105880349328877&w=2 http://eyeonsecurity.org/advisories/CGI.pm/adv.html

SCO security resources: http://www.sco.com/support/security/index.html

This security fix closes SCO incidents sr883606 fz528215 erg712409.

7. Disclaimer

SCO is not responsible for the misuse of any of the information we provide on this website and/or through our security advisories. Our advisories are a service to our customers intended to promote secure installation and use of SCO products.

8. Acknowledgments

SCO would like to thank Obscure^ for reporting this issue. ______________________________________________________________________________

-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3 (SCO/UNIX_SVR5)

iD8DBQE/qve+aqoBO7ipriERAqUtAJ9MBKogbCSdqJ8UrBA6YDmu2dXosQCgiaI9 LzUtvWmI6sIIeitugMgsyRg= =2/ex -----END PGP SIGNATURE-----

Vendor Information

The vendor has not provided us with any further information regarding this vulnerability.

Addendum

The CERT/CC has no additional comments at this time.

If you have feedback, comments, or additional information about this vulnerability, please send us email.

Sun Microsystems Inc. Affected

CVSS Metrics

Group	Score	Vector
Base
Temporal
Environmental

References

Acknowledgements

Thanks to Obscure for reporting this vulnerability.

This document was written by Chad R Dougherty with feedback from Sean Levy.

Other Information

CVE IDs:	CVE-2003-0615
Severity Metric:	15.00
Date Public:	2003-07-19
Date First Published:	2003-10-07
Date Last Updated:	2004-02-23 22:11 UTC
Document Revision:	12

Software Engineering Institute

CERT Coordination Center

CGI.pm vulnerable to Cross-site Scripting

Vulnerability Note VU#246409

Overview

Description

Impact

Solution

Vendor Information

Conectiva Affected

Debian Affected

Lincoln Stein Affected

MandrakeSoft Affected

OpenBSD Affected

OpenPKG Affected

Red Hat Inc. Affected

SCO Affected

Sun Microsystems Inc. Affected

CVSS Metrics

References

Acknowledgements

Other Information

Contact CERT/CC