CVE-2011-2766

Common Vulnerabilities and Exposures

Upstream information

CVE-2011-2766 at MITRE

Description

The FCGI (aka Fast CGI) module 0.70 through 0.73 for Perl, as used by CGI::Fast, uses environment variable values from one request during processing of a later request, which allows remote attackers to bypass authentication via crafted HTTP headers.

SUSE information

CVSS v2 Scores (National Vulnerability Database)
  Base Score: 7.48
  Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
  Access Vector: Network
  Access Complexity: Low
  Authentication: None
  Confidentiality Impact: Partial
  Integrity Impact: Partial
  Availability Impact: Partial

SUSE Bugzilla entry: 735882 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE 11.3
  • FastCGI-debuginfo >= 2.4.0-144.3.1
  • FastCGI-debugsource >= 2.4.0-144.3.1
  • perl-FastCGI-debuginfo >= 2.4.0-144.3.1
openSUSE 11.3
  • FastCGI >= 2.4.0-144.3.1
  • FastCGI-devel >= 2.4.0-144.3.1
  • perl-FastCGI >= 2.4.0-144.3.1
openSUSE 11.4
  • FastCGI >= 2.4.0-149.150.1
  • FastCGI-devel >= 2.4.0-149.150.1
  • perl-FastCGI >= 2.4.0-149.150.1
openSUSE 11.4
  • FastCGI >= 2.4.0-149.150.1
  • FastCGI-debuginfo >= 2.4.0-149.150.1
  • FastCGI-debugsource >= 2.4.0-149.150.1
  • FastCGI-devel >= 2.4.0-149.150.1
  • perl-FastCGI >= 2.4.0-149.150.1
  • perl-FastCGI-debuginfo >= 2.4.0-149.150.1
Patchnames:
FastCGI