Pardus: 2010-85: perl-libwww: Unexpected Download
Posted by Benjamin D. Thomas   
A vulnerability has been fixed in perl-libwww which can allow malicious users to overwrite existing files (such as .bashrc).
------------------------------------------------------------------------
Pardus Linux Security Advisory 2010-85            security@pardus.org.tr
------------------------------------------------------------------------
      Date: 2010-06-24
  Severity: 3
      Type: Remote
------------------------------------------------------------------------

Summary
=======
A vulnerability has been fixed in perl-libwww which can allow malicious
users to overwrite existing files (such as .bashrc).


Description
===========
Unsafe behaviours have been found in how lftp and lwp-download handle the
Content-Disposition header in conjunction with the 'suggested filename'
functionality.

Additionally, unsafe behaviours have been found in wget and lwp-download
in the case of HTTP 3xx redirections during file downloads. Both
applications automatically use the filename portion of the URL given in
the Location header.

Implicitly trusting the suggested filenames results in a saved file whose
name differs from the one the user expects based on the URL they
specified. An attacker-controlled server can use this to silently write
hidden and/or initialization files under the user's current directory
(e.g. .login, .bashrc).
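
As an added example (not lwp-download's or wget's own code) of the hardened behaviour described above, the following Python sketch validates every server-influenced filename, whether from Content-Disposition or from a redirect's Location URL, before using it, and falls back to the URL the user actually requested; all header values and URLs in it are constructed.

```python
import posixpath
import re
from urllib.parse import urlsplit, unquote

# Constructed example of the mitigation: every server-influenced name
# (Content-Disposition, redirect Location) is validated before use, and the
# URL the user typed, never the redirect target, is the fallback.
_FILENAME_PARAM = re.compile(r'filename\s*=\s*"([^"]*)"|filename\s*=\s*([^;\s]+)', re.I)

def suggested_name(content_disposition):
    """Extract the filename= parameter of a Content-Disposition header, or None."""
    if not content_disposition:
        return None
    m = _FILENAME_PARAM.search(content_disposition)
    if not m:
        return None
    return m.group(1) if m.group(1) is not None else m.group(2)

def url_basename(url):
    """Last path segment of a URL, percent-decoded ('' if the path ends in '/')."""
    return unquote(posixpath.basename(urlsplit(url).path))

def is_safe_name(name):
    """Reject names that would escape the current directory or create hidden
    or initialization files such as .login or .bashrc."""
    if not name or name in ('.', '..'):
        return False
    if name.startswith('.'):                # dotfile: hidden/initialization file
        return False
    if any(c in name for c in '/\\\x00'):   # path separators or NUL
        return False
    if any(ord(c) < 0x20 for c in name):    # control characters
        return False
    return True

def choose_save_name(requested_url, final_url=None, content_disposition=None,
                     default='download'):
    """Accept a server-suggested name only when it is safe; otherwise fall back
    to the basename of the URL the user actually asked for."""
    candidates = (suggested_name(content_disposition),
                  url_basename(final_url) if final_url else None)
    for candidate in candidates:
        if candidate is not None and is_safe_name(candidate):
            return candidate
    fallback = url_basename(requested_url)
    return fallback if is_safe_name(fallback) else default
```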


Affected packages:

  Pardus 2009:
    perl-libwww, all before 5.835-13-7


Resolution
==========
An update is available for perl-libwww. You can install it via Package
Manager or with a single command from the console:

    pisi up perl-libwww

References
==========
  * http://bugs.pardus.org.tr/show_bug.cgi?id441

------------------------------------------------------------------------