Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.870972
Category:Red Hat Local Security Checks
Title:RedHat Update for perl RHSA-2013:0685-01
Summary:The remote host is missing an update for the 'perl'; package(s) announced via the referenced advisory.
Description:Summary:
The remote host is missing an update for the 'perl'
package(s) announced via the referenced advisory.

Vulnerability Insight:
Perl is a high-level programming language commonly used for system
administration utilities and web programming.

A heap overflow flaw was found in Perl. If a Perl application allowed
user input to control the count argument of the string repeat operator, an
attacker could cause the application to crash or, potentially, execute
arbitrary code with the privileges of the user running the application.
(CVE-2012-5195)

A denial of service flaw was found in the way Perl's rehashing code
implementation, responsible for recalculation of hash keys and
redistribution of hash content, handled certain input. If an attacker
supplied specially-crafted input to be used as hash keys by a Perl
application, it could cause excessive memory consumption. (CVE-2013-1667)

It was found that the Perl CGI module, used to handle Common Gateway
Interface requests and responses, incorrectly sanitized the values for
Set-Cookie and P3P headers. If a Perl application using the CGI module
reused cookies values and accepted untrusted input from web browsers, a
remote attacker could use this flaw to alter member items of the cookie or
add new items. (CVE-2012-5526)

It was found that the Perl Locale::Maketext module, used to localize Perl
applications, did not properly handle backslashes or fully-qualified method
names. An attacker could possibly use this flaw to execute arbitrary Perl
code with the privileges of a Perl application that uses untrusted
Locale::Maketext templates. (CVE-2012-6329)

Red Hat would like to thank the Perl project for reporting CVE-2012-5195
and CVE-2013-1667. Upstream acknowledges Tim Brown as the original
reporter of CVE-2012-5195 and Yves Orton as the original reporter of
CVE-2013-1667.

All Perl users should upgrade to these updated packages, which contain
backported patches to correct these issues. All running Perl programs
must be restarted for this update to take effect.

Affected Software/OS:
perl on Red Hat Enterprise Linux (v. 5 server),
Red Hat Enterprise Linux Desktop (v. 6),
Red Hat Enterprise Linux Server (v. 6),
Red Hat Enterprise Linux Workstation (v. 6)

Solution:
Please Install the Updated Packages.

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2012-5195
BugTraq ID: 56287
http://www.securityfocus.com/bid/56287
Debian Security Information: DSA-2586 (Google Search)
http://www.debian.org/security/2012/dsa-2586
http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
http://www.openwall.com/lists/oss-security/2012/10/26/2
http://www.openwall.com/lists/oss-security/2012/10/27/1
http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
RedHat Security Advisories: RHSA-2013:0685
http://rhn.redhat.com/errata/RHSA-2013-0685.html
http://secunia.com/advisories/51457
http://secunia.com/advisories/55314
http://www.ubuntu.com/usn/USN-1643-1
Common Vulnerability Exposure (CVE) ID: CVE-2012-5526
BugTraq ID: 56562
http://www.securityfocus.com/bid/56562
https://github.com/markstos/CGI.pm/pull/23
http://www.openwall.com/lists/oss-security/2012/11/15/6
http://www.securitytracker.com/id?1027780
XForce ISS Database: perl-cgipm-header-injection(80098)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80098
Common Vulnerability Exposure (CVE) ID: CVE-2012-6329
BugTraq ID: 56950
http://www.securityfocus.com/bid/56950
https://bugzilla.redhat.com/show_bug.cgi?id=884354
http://sourceforge.net/mailarchive/message.php?msg_id=30219695
http://openwall.com/lists/oss-security/2012/12/11/4
http://code.activestate.com/lists/perl5-porters/187763/
http://code.activestate.com/lists/perl5-porters/187746/
http://www.ubuntu.com/usn/USN-2099-1
Common Vulnerability Exposure (CVE) ID: CVE-2013-1667
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
BugTraq ID: 58311
http://www.securityfocus.com/bid/58311
Debian Security Information: DSA-2641 (Google Search)
http://www.debian.org/security/2013/dsa-2641
HPdes Security Advisory: HPSBUX02928
http://marc.info/?l=bugtraq&m=137891988921058&w=2
HPdes Security Advisory: SSRT101274
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296
https://bugzilla.redhat.com/show_bug.cgi?id=912276
http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
http://osvdb.org/90892
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771
http://secunia.com/advisories/52472
http://secunia.com/advisories/52499
http://www.ubuntu.com/usn/USN-1770-1
XForce ISS Database: perl-rehash-dos(82598)
https://exchange.xforce.ibmcloud.com/vulnerabilities/82598
CopyrightCopyright (c) 2013 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2024 E-Soft Inc. All rights reserved.