CVE-2010-2253

Related Files

Gentoo Linux Security Advisory 201402-04

Posted Feb 4, 2014

Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 201402-4 - Multiple vulnerabilities have been found in libwww-perl, the worst of which could allow attackers to execute arbitrary code. Versions less than 6.30.0 are affected.

tags | advisory, arbitrary, perl, vulnerability

systems | linux, gentoo

advisories | CVE-2010-2253, CVE-2011-0633

SHA-256 | fcf4a9d24a64af0d45ccfe4eeeaac5b293d0ff2ab6df35386844d9029a6651cf

Download | Favorite | View

Mandriva Linux Security Advisory 2010-167

Posted Sep 1, 2010

Authored by Mandriva | Site mandriva.com

Mandriva Linux Security Advisory 2010-167 - lwp-download in libwww-perl before 5.835 does not reject downloads to filenames that begin with a. character, which allows remote servers to create or overwrite files via a 3xx redirect to a URL with a crafted filename or a Content-Disposition header that suggests a crafted filename, and possibly execute arbitrary code as a consequence of writing to a dotfile in a home directory.

tags | advisory, remote, arbitrary, perl

systems | linux, mandriva

advisories | CVE-2010-2253

SHA-256 | 74795e4d17810b910f6c05d27cb6c8f960f3cfee14bfdfcc1271393daac67a27

Download | Favorite | View

Ubuntu Security Notice 981-1

Posted Aug 31, 2010

Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 981-1 - It was discovered that libwww-perl incorrectly filtered filenames suggested by Content-Disposition headers. If a user were tricked into downloading a file from a malicious site, a remote attacker could overwrite hidden files in the user's directory.

tags | advisory, remote, perl

systems | linux, ubuntu

advisories | CVE-2010-2253

SHA-256 | c075eb9f7a7aa39e64016a87bd6f0e1be9762ecd2feaed17a9615c6901713fe9

Download | Favorite | View