Test ID: | 1.3.6.1.4.1.25623.1.0.870972 |
Category: | Red Hat Local Security Checks |
Title: | RedHat Update for perl RHSA-2013:0685-01 |
Summary: | The remote host is missing an update for the 'perl' package(s) announced via the referenced advisory. |
Description: |
Summary: The remote host is missing an update for the 'perl' package(s) announced via the referenced advisory.

Vulnerability Insight: Perl is a high-level programming language commonly used for system administration utilities and web programming.

A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195)

A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially-crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption. (CVE-2013-1667)

It was found that the Perl CGI module, used to handle Common Gateway Interface requests and responses, incorrectly sanitized the values for Set-Cookie and P3P headers. If a Perl application using the CGI module reused cookie values and accepted untrusted input from web browsers, a remote attacker could use this flaw to alter member items of the cookie or add new items. (CVE-2012-5526)

It was found that the Perl Locale::Maketext module, used to localize Perl applications, did not properly handle backslashes or fully-qualified method names. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl application that uses untrusted Locale::Maketext templates. (CVE-2012-6329)

Red Hat would like to thank the Perl project for reporting CVE-2012-5195 and CVE-2013-1667. Upstream acknowledges Tim Brown as the original reporter of CVE-2012-5195 and Yves Orton as the original reporter of CVE-2013-1667.

All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect.

Affected Software/OS: perl on Red Hat Enterprise Linux (v. 5 server), Red Hat Enterprise Linux Desktop (v. 6), Red Hat Enterprise Linux Server (v. 6), Red Hat Enterprise Linux Workstation (v. 6)

Solution: Please Install the Updated Packages.

CVSS Score: 7.5
CVSS Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
|
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2012-5195
BugTraq ID: 56287
http://www.securityfocus.com/bid/56287
Debian Security Information: DSA-2586
http://www.debian.org/security/2012/dsa-2586
http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
http://www.openwall.com/lists/oss-security/2012/10/26/2
http://www.openwall.com/lists/oss-security/2012/10/27/1
http://www.nntp.perl.org/group/perl.perl5.porters/2012/10/msg193886.html
RedHat Security Advisories: RHSA-2013:0685
http://rhn.redhat.com/errata/RHSA-2013-0685.html
http://secunia.com/advisories/51457
http://secunia.com/advisories/55314
http://www.ubuntu.com/usn/USN-1643-1

Common Vulnerability Exposure (CVE) ID: CVE-2012-5526
BugTraq ID: 56562
http://www.securityfocus.com/bid/56562
https://github.com/markstos/CGI.pm/pull/23
http://www.openwall.com/lists/oss-security/2012/11/15/6
http://www.securitytracker.com/id?1027780
XForce ISS Database: perl-cgipm-header-injection(80098)
https://exchange.xforce.ibmcloud.com/vulnerabilities/80098

Common Vulnerability Exposure (CVE) ID: CVE-2012-6329
BugTraq ID: 56950
http://www.securityfocus.com/bid/56950
https://bugzilla.redhat.com/show_bug.cgi?id=884354
http://sourceforge.net/mailarchive/message.php?msg_id=30219695
http://openwall.com/lists/oss-security/2012/12/11/4
http://code.activestate.com/lists/perl5-porters/187763/
http://code.activestate.com/lists/perl5-porters/187746/
http://www.ubuntu.com/usn/USN-2099-1

Common Vulnerability Exposure (CVE) ID: CVE-2013-1667
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
BugTraq ID: 58311
http://www.securityfocus.com/bid/58311
Debian Security Information: DSA-2641
http://www.debian.org/security/2013/dsa-2641
HPdes Security Advisory: HPSBUX02928
http://marc.info/?l=bugtraq&m=137891988921058&w=2
HPdes Security Advisory: SSRT101274
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296
https://bugzilla.redhat.com/show_bug.cgi?id=912276
http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
http://osvdb.org/90892
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771
http://secunia.com/advisories/52472
http://secunia.com/advisories/52499
http://www.ubuntu.com/usn/USN-1770-1
XForce ISS Database: perl-rehash-dos(82598)
https://exchange.xforce.ibmcloud.com/vulnerabilities/82598
|
Copyright | Copyright (c) 2013 Greenbone Networks GmbH |