Multiple Web Browsers Digest Authentication HTTP Response Splitting Vulnerability
| Bugtraq ID: | 23668 |
| Class: | Input Validation Error |
| CVE: | CVE-2007-2291, CVE-2007-2292 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 25 2007 12:00AM |
| Updated: | Jul 06 2016 02:39PM |
| Credit: | Stefano Di Paola is credited with the discovery of this issue. |
| Vulnerable: | Warpzilla Enhanced Gecko 1.8.1.7; Ubuntu Ubuntu Linux 7.10 sparc; Ubuntu Ubuntu Linux 7.10 powerpc; Ubuntu Ubuntu Linux 7.10 i386; Ubuntu Ubuntu Linux 7.10 amd64; Ubuntu Ubuntu Linux 7.04 sparc; Ubuntu Ubuntu Linux 7.04 powerpc; Ubuntu Ubuntu Linux 7.04 i386; Ubuntu Ubuntu Linux 7.04 amd64; Ubuntu Ubuntu Linux 6.10 sparc; Ubuntu Ubuntu Linux 6.10 powerpc; Ubuntu Ubuntu Linux 6.10 i386; Ubuntu Ubuntu Linux 6.10 amd64; Ubuntu Ubuntu Linux 6.06 LTS sparc; Ubuntu Ubuntu Linux 6.06 LTS powerpc; Ubuntu Ubuntu Linux 6.06 LTS i386; Ubuntu Ubuntu Linux 6.06 LTS amd64; SuSE SUSE Linux Enterprise Server 9; SuSE SUSE Linux Enterprise Server 8; SuSE SUSE Linux Enterprise Server 10 SP1; SuSE SUSE Linux Enterprise Desktop 10 SP1; SuSE openSUSE 10.3; SuSE Linux Professional 10.2 x86_64; SuSE Linux Personal 10.2 x86_64; Sun Solaris 10_x86; Sun Solaris 10_sparc; Slackware Linux 10.2; Slackware Linux 12.0; Slackware Linux 11.0; Slackware Linux -current; S.u.S.E. UnitedLinux 1.0; S.u.S.E. SuSE Linux Standard Server 8.0; S.u.S.E. SuSE Linux School Server for i386; S.u.S.E. SUSE LINUX Retail Solution 8.0; S.u.S.E. SuSE Linux Openexchange Server 4.0; S.u.S.E. openSUSE 10.2; S.u.S.E. Open-Enterprise-Server 0; S.u.S.E. Novell Linux POS 9; S.u.S.E. Novell Linux Desktop 9.0; S.u.S.E. Linux Professional 10.0 OSS; S.u.S.E. Linux Professional 10.0; S.u.S.E. Linux Professional 10.2; S.u.S.E. Linux Professional 10.1; S.u.S.E. Linux Personal 10.0 OSS; S.u.S.E. Linux Personal 10.2; S.u.S.E. Linux Personal 10.1; S.u.S.E. Linux 1.0; S.u.S.E. Linux 10.1 x86-64; S.u.S.E. Linux 10.1 x86; S.u.S.E. Linux 10.1 ppc; S.u.S.E. Linux 10.0 x86-64; S.u.S.E. Linux 10.0 x86; S.u.S.E. Linux 10.0 ppc; rPath rPath Linux 1; RedHat Enterprise Linux WS 4; RedHat Enterprise Linux WS 3; RedHat Enterprise Linux WS 2.1; RedHat Enterprise Linux Optional Productivity Application 5 server; RedHat Enterprise Linux ES 4; RedHat Enterprise Linux ES 3; RedHat Enterprise Linux ES 2.1; RedHat Enterprise Linux Desktop Workstation 5 client; RedHat Enterprise Linux Desktop version 4; RedHat Desktop 4.0; RedHat Desktop 3.0; RedHat Advanced Workstation for the Itanium Processor 2.1; Red Hat Fedora Core7; Red Hat Fedora Core6; Red Hat Fedora 7; Red Hat Enterprise Linux Desktop 5 client; Red Hat Enterprise Linux AS 4; Red Hat Enterprise Linux AS 3; Red Hat Enterprise Linux AS 2.1; Red Hat Enterprise Linux 5 Server; Netscape Navigator 9.0; Mozilla SeaMonkey 1.1.4; Mozilla SeaMonkey 1.1.3; Mozilla SeaMonkey 1.1.2; Mozilla SeaMonkey 1.1.1; Mozilla SeaMonkey 1.1 beta; Mozilla Firefox 2.0 .7; Mozilla Firefox 2.0 .6; Mozilla Firefox 2.0 .5; Mozilla Firefox 2.0 .4; Mozilla Firefox 2.0 .3; Mozilla Firefox 2.0 .1; Mozilla Firefox 2.0.0.2; Mozilla Firefox 2.0 RC3; Mozilla Firefox 2.0 RC2; Mozilla Firefox 2.0 beta 1; Mozilla Firefox 2.0; Microsoft Internet Explorer 7.0.5730 .11; Mandriva Linux Mandrake 2008.0 x86_64; Mandriva Linux Mandrake 2008.0; Mandriva Linux Mandrake 2007.1 x86_64; Mandriva Linux Mandrake 2007.1; MandrakeSoft Corporate Server 4.0 x86_64; MandrakeSoft Corporate Server 3.0 x86_64; MandrakeSoft Corporate Server 3.0; MandrakeSoft Corporate Server 4.0; Gentoo Linux; Foresight Linux Foresight Linux 1.1; Debian Linux 4.0 sparc; Debian Linux 4.0 s/390; Debian Linux 4.0 powerpc; Debian Linux 4.0 mipsel; Debian Linux 4.0 mips; Debian Linux 4.0 m68k; Debian Linux 4.0 ia-64; Debian Linux 4.0 ia-32; Debian Linux 4.0 hppa; Debian Linux 4.0 arm; Debian Linux 4.0 amd64; Debian Linux 4.0 alpha; Debian Linux 4.0; Debian Iceweasel 0; Debian Iceape 1.0.11; Avaya Messaging Storage Server MM3.0; Avaya Messaging Storage Server 3.1; Avaya Message Networking MN 3.1; Avaya Message Networking 3.1; Avaya Intuity AUDIX LX 2.0 |
| Not Vulnerable: | Warpzilla Enhanced Gecko 1.8.1.8; Netscape Navigator 9.0 1; Mozilla SeaMonkey 1.1.5; Mozilla Firefox 2.0 .8 |
Discussion
Multiple browsers are prone to an HTTP-response-splitting vulnerability because the software fails to properly sanitize user-supplied input.
A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached, or interpreted. This could aid in various attacks that try to entice client users into a false sense of trust.
This issue affects Microsoft Internet Explorer 7.0.5730.11 and Mozilla Firefox 2.0.0.3; other versions and browsers may also be affected.
Exploit / POC
An attacker can exploit this issue via a browser.
Solution / Fix
Solution:
Mozilla has released updates to address this issue. Please see the references for more information.
Slackware Linux 12.0
- Slackware mozilla-firefox-2.0.0.8-i686-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/mozilla-firefox-2.0.0.8-i686-1.tgz
- Slackware seamonkey-1.1.5-i486-1_slack12.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-12.0/patches/packages/seamonkey-1.1.5-i486-1_slack12.tgz

Slackware Linux -current
- Slackware mozilla-firefox-2.0.0.8-i686-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/mozilla-firefox-2.0.0.8-i686-1.tgz
- Slackware seamonkey-1.1.5-i486-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-current/slackware/xap/seamonkey-1.1.5-i486-1.tgz

Mozilla Firefox 2.0 RC2
- Mozilla Firefox 2.0.0.8
  http://www.mozilla.com/en-US/firefox/

Mozilla Firefox 2.0 beta 1
- Mozilla Firefox 2.0.0.8
  http://www.mozilla.com/en-US/firefox/

Mozilla SeaMonkey 1.1 beta
- Mozilla SeaMonkey 1.1.5
  http://www.mozilla.org/projects/seamonkey/

Netscape Navigator 9.0
- Netscape Netscape Navigator 9.0.0.1
  http://browser.netscape.com/downloads/

Sun Solaris 10_x86
- Sun 125540-02
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125540-02-1
- Sun 125542-02
  http://sunsolve.sun.com/search/document.do?assetkey=urn:cds:docid:1-21-125542-02-1

Mozilla SeaMonkey 1.1.3
- Mozilla SeaMonkey 1.1.5
  http://www.mozilla.org/projects/seamonkey/

Mozilla SeaMonkey 1.1.4
- Mozilla SeaMonkey 1.1.5
  http://www.mozilla.org/projects/seamonkey/

Slackware Linux 10.2
- Slackware mozilla-firefox-2.0.0.8-i686-1.tgz
  ftp://ftp.slackware.com/pub/slackware/slackware-10.2/patches/packages/mozilla-firefox-2.0.0.8-i686-1.tgz

Mozilla Firefox 2.0 .6
- Mozilla Firefox 2.0.0.8
  http://www.mozilla.com/en-US/firefox/

Mozilla Firefox 2.0 .1
- Mozilla Firefox 2.0.0.8
  http://www.mozilla.com/en-US/firefox/

Mozilla Firefox 2.0 .5
- Mozilla Firefox 2.0.0.8
  http://www.mozilla.com/en-US/firefox/

Mozilla Firefox 2.0 .7
- Mozilla Firefox 2.0.0.8
  http://www.mozilla.com/en-US/firefox/
References
References:
- Bug 378787 (CVE-2007-2292) - IE 7 and Firefox Browsers Digest Authentication Req (chris hofmann)
- Microsoft Internet Explorer Homepage (Microsoft)
- Mozilla Homepage (Mozilla Foundation)
- Netscape Navigator Release Notes (Netscape)
- Warpzilla Enhanced Gecko 1.8.1.8 Release Notes (WarpZilla Enhanced)
- IE 7 and Firefox Browsers Digest Authentication Request Splitting (Stefano Di Paola)
- ASA-2007-447 Firefox security update (RHSA-2007-0979) (Avaya)
- Mozilla Foundation Security Advisory 2007-31 (Mozilla)
- RHSA-2007:0979-1 Critical: firefox security update (Red Hat)
- RHSA-2007:0980-2 Critical: seamonkey security update (Red Hat)
- RHSA-2007:0981-2 Moderate: thunderbird security update (Red Hat)
- Solution 201516 : Multiple Security Vulnerabilities in Firefox and Thunderbir (Sun)
- Sun Alert ID: 103177 (Sun Microsystems)