Vulnerabilities > CVE-2005-3962 - Numeric Errors vulnerability in Perl 5.8.6/5.9.2

CVSS 4.6 - MEDIUM
Attack vector
LOCAL
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
PARTIAL
Integrity impact
PARTIAL
Availability impact
PARTIAL
local
low complexity
perl
CWE-189
nessus

Summary

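Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which cause an integer wrap that leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications. The flaw is reachable only where an application lets untrusted input reach the format string argument, so remediation is the patched Perl package plus a review of applications that build format strings from user-supplied data.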

Vulnerable Configurations

Part Description Count
Application
Perl
2

Common Weakness Enumeration (CWE)

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-1113.NASL
    descriptionFixed CVE-2005-3962 / CVE-2005-3912: http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2 http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912 backported upstream patch #26240 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20257
    published2005-12-07
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20257
    titleFedora Core 4 : perl-5.8.6-18 (2005-1113)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-1113.
    #
    
    include("compat.inc");
    
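    # Metadata block: when `description` is true the script registers its
    # identifiers, advisory text and dependencies, then leaves through the
    # exit(0) at the end of the block without running the package checks.
    if (description)
    {
      script_id(20257);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      # The advisory text below says this update fixes both CVE-2005-3962 and
      # CVE-2005-3912, so both identifiers are registered. With only
      # CVE-2005-3912 listed, a CVE-keyed report for CVE-2005-3962 would not
      # show hosts flagged by this plugin.
      script_cve_id("CVE-2005-3912", "CVE-2005-3962");
      script_bugtraq_id(15629);
      script_xref(name:"FEDORA", value:"2005-1113");
    
      script_name(english:"Fedora Core 4 : perl-5.8.6-18 (2005-1113)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixed CVE-2005-3962 / CVE-2005-3912:
    http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912 backported
    upstream patch #26240
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2
      script_set_attribute(
        attribute:"see_also",
        value:"http://marc.info/?l=full-disclosure&m=113342788118630&w=2"
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-December/001617.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?f3f50c58"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected perl, perl-debuginfo and / or perl-suidperl
    packages."
      );
      # NOTE(review): the base vector uses AV:N, presumably for the remotely
      # reachable CVE-2005-3912 case; CVE-2005-3962 on its own is scored with a
      # local attack vector. Confirm which scoring this plugin should carry.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal vector: functional exploit (E:F), official fix available
      # (RL:OF), report confidence not defined (RC:ND).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      # Local (credentialed) check covering the three perl packages on Fedora Core 4.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # Depends on ssh_get_info.nasl and on these knowledge-base keys being set;
      # the same keys are read again by the checks after this block.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }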
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host checks for Fedora Core 4. Variable names are left as they are because
    # top-level NASL variables are script-global and the included libraries are
    # not visible here.

    # Stop unless the knowledge base records that local checks are enabled.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The release string must mention Fedora and carry a numeric release.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    os_ver = os_ver[1];

    # Only release 4 is in scope for this advisory.
    if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver);
    }

    # A collected rpm list is required for the package comparison.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Only x86_64 and i386-i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    }

    # Count every package for which rpm_check returns true against the
    # advisory's reference version.
    flag = 0;
    if (rpm_check(release:"FC4", reference:"perl-5.8.6-18"))
    {
      flag++;
    }
    if (rpm_check(release:"FC4", reference:"perl-debuginfo-5.8.6-18"))
    {
      flag++;
    }
    if (rpm_check(release:"FC4", reference:"perl-suidperl-5.8.6-18"))
    {
      flag++;
    }

    if (!flag)
    {
      # Nothing flagged: distinguish "tested but not affected" from
      # "package not installed".
      tested = pkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-debuginfo / perl-suidperl");
      }
    }
    else
    {
      # At least one package flagged: report, with the rpm details when
      # report_verbosity is above zero.
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:rpm_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_BB33981A7AC611DABF7200123F589060.NASL
    descriptionThe Perl Development page reports : Dyad Security recently released a security advisory explaining how in certain cases, a carefully crafted format string passed to sprintf can cause a buffer overflow. This buffer overflow can then be used by an attacker to execute code on the machine. This was discovered in the context of a design problem with the Webmin administration package that allowed a malicious user to pass unchecked data into sprintf.
    last seen2020-06-01
    modified2020-06-02
    plugin id21504
    published2006-05-13
    reporterThis script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/21504
    titleFreeBSD : perl, webmin, usermin -- perl format string integer wrap vulnerability (bb33981a-7ac6-11da-bf72-00123f589060)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from the FreeBSD VuXML database :
    #
    # Copyright 2003-2018 Jacques Vidrine and contributors
    #
    # Redistribution and use in source (VuXML) and 'compiled' forms (SGML,
    # HTML, PDF, PostScript, RTF and so forth) with or without modification,
    # are permitted provided that the following conditions are met:
    # 1. Redistributions of source code (VuXML) must retain the above
    #    copyright notice, this list of conditions and the following
    #    disclaimer as the first lines of this file unmodified.
    # 2. Redistributions in compiled form (transformed to other DTDs,
    #    published online in any format, converted to PDF, PostScript,
    #    RTF and other formats) must reproduce the above copyright
    #    notice, this list of conditions and the following disclaimer
    #    in the documentation and/or other materials provided with the
    #    distribution.
    # 
    # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS"
    # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
    # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
    # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS
    # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,
    # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT
    # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
    # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
    # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE
    # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION,
    # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
    #
    
    include("compat.inc");
    
    # Metadata block: when `description` is true the script registers its
    # identifiers, advisory text and dependencies, then leaves through the
    # exit(0) at the end of the block without running the package checks.
    if (description)
    {
      script_id(21504);
      script_version("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:38");
    
      # Both CVE identifiers named for this issue are registered, so CVE-keyed
      # reports for either one include this plugin.
      script_cve_id("CVE-2005-3912", "CVE-2005-3962");
      script_bugtraq_id(15629);
    
      script_name(english:"FreeBSD : perl, webmin, usermin -- perl format string integer wrap vulnerability (bb33981a-7ac6-11da-bf72-00123f589060)");
      script_summary(english:"Checks for updated packages in pkg_info output");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote FreeBSD host is missing one or more security-related
    updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The Perl Development page reports :
    
    Dyad Security recently released a security advisory explaining how in
    certain cases, a carefully crafted format string passed to sprintf can
    cause a buffer overflow. This buffer overflow can then be used by an
    attacker to execute code on the machine. This was discovered in the
    context of a design problem with the Webmin administration package
    that allowed a malicious user to pass unchecked data into sprintf."
      );
      # Each see_also value below is a shortened link; the comment above it
      # gives the original reference URL.
      # http://dev.perl.org/perl5/news/2005/perl_patches_fix_sprintf_buffer.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?6f9c3013"
      );
      # http://www.dyadsecurity.com/perl-0002.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a844180b"
      );
      # http://www.dyadsecurity.com/webmin-0001.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e5db4928"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.webmin.com/security.html"
      );
      # https://vuxml.freebsd.org/freebsd/bb33981a-7ac6-11da-bf72-00123f589060.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?27165a73"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # Base vector is network-reachable (AV:N) with partial C/I/A impact;
      # presumably this reflects the Webmin/Usermin exposure described above.
      # NOTE(review): confirm against the scoring used for perl alone.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal vector: functional exploit (E:F), official fix available
      # (RL:OF), report confidence not defined (RC:ND).
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      # Local (credentialed) check covering perl, usermin and webmin on FreeBSD.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:usermin");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:webmin");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/09/23");
      script_set_attribute(attribute:"patch_publication_date", value:"2006/02/15");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/05/13");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"FreeBSD Local Security Checks");
    
      # Depends on ssh_get_info.nasl and on these knowledge-base keys being set;
      # the same keys are read again by the checks after this block.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("freebsd_package.inc");
    
    
    # Host checks for FreeBSD: all three knowledge-base keys must be present
    # before any package range is tested.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }
    if (!get_kb_item("Host/FreeBSD/release"))
    {
      audit(AUDIT_OS_NOT, "FreeBSD");
    }
    if (!get_kb_item("Host/FreeBSD/pkg_info"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }


    flag = 0;

    # Two perl version ranges, plus the webmin and usermin releases below
    # the listed versions; each hit is counted and saved for the report.
    if (pkg_test(save_report:TRUE, pkg:"perl>=5.6.0<5.6.2"))
    {
      flag++;
    }
    if (pkg_test(save_report:TRUE, pkg:"perl>=5.8.0<5.8.7_1"))
    {
      flag++;
    }
    if (pkg_test(save_report:TRUE, pkg:"webmin<1.250"))
    {
      flag++;
    }
    if (pkg_test(save_report:TRUE, pkg:"usermin<1.180"))
    {
      flag++;
    }

    if (!flag)
    {
      audit(AUDIT_HOST_NOT, "affected");
    }
    else
    {
      # At least one package matched: report, with the package details when
      # report_verbosity is above zero.
      if (report_verbosity > 0)
      {
        security_hole(port:0, extra:pkg_report_get());
      }
      else
      {
        security_hole(0);
      }
      exit(0);
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_SA_2005_071.NASL
    descriptionThe remote host is missing the patch for the advisory SUSE-SA:2005:071 (perl). Integer overflows in the format string functionality in Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap. This requires the attacker to be able to supply format strings to the application, which unfortunately is true for some web applications. This issue is tracked by the Mitre CVE ID CVE-2005-3962.
    last seen2019-10-28
    modified2005-12-30
    plugin id20370
    published2005-12-30
    reporterThis script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20370
    titleSUSE-SA:2005:071: perl
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # This plugin text was extracted from SuSE Security Advisory SUSE-SA:2005:071
    #
    
    
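    # Exit immediately when the engine does not provide the bn_random builtin.
    # NOTE(review): presumably used as an engine capability gate - confirm.
    if ( ! defined_func("bn_random") ) exit(0);
    
    include("compat.inc");
    
    # Metadata block: when `description` is true the script registers its
    # identifiers, advisory text and dependencies, then leaves through the
    # exit(0) at the end of the block without running the package checks.
    if(description)
    {
     script_id(20370);
     script_version ("1.8");
     # The advisory text below states the issue is tracked as CVE-2005-3962;
     # registering the identifier makes CVE-keyed reports include this plugin.
     script_cve_id("CVE-2005-3962");
     
     name["english"] = "SUSE-SA:2005:071: perl";
     
     script_name(english:name["english"]);
     
     script_set_attribute(attribute:"synopsis", value:
    "The remote host is missing a vendor-supplied security patch" );
     script_set_attribute(attribute:"description", value:
    "The remote host is missing the patch for the advisory SUSE-SA:2005:071 (perl).
    
    
    Integer overflows in the format string functionality in Perl allows
    attackers to overwrite arbitrary memory and possibly execute arbitrary
    code via format string specifiers with large values, which causes an
    integer wrap.
    
    This requires the attacker to be able to supply format strings to the
    application, which unfortunately is true for some web applications.
    
    This issue is tracked by the Mitre CVE ID CVE-2005-3962." );
     # The solution attribute holds the advisory URL rather than remediation text.
     script_set_attribute(attribute:"solution", value:
    "http://www.suse.de/security/advisories/2005_71_perl.html" );
     # Only a risk_factor label is set here; no CVSS vector is registered.
     script_set_attribute(attribute:"risk_factor", value:"High" );
    
    
    
     script_set_attribute(attribute:"plugin_publication_date", value: "2005/12/30");
     script_end_attributes();
    
     
     summary["english"] = "Check for the version of the perl package";
     script_summary(english:summary["english"]);
     
     script_category(ACT_GATHER_INFO);
     
     script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
     family["english"] = "SuSE Local Security Checks";
     script_family(english:family["english"]);
     
     # Depends on ssh_get_info.nasl and on the collected SuSE rpm list.
     # NOTE(review): unlike the other distribution checks for this CVE,
     # "Host/local_checks_enabled" is not among the required keys - confirm
     # whether that is intended.
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/SuSE/rpm-list");
     exit(0);
    }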
    
    include("rpm.inc");
    # Report the host when rpm_check returns true for the perl reference
    # version of any SUSE release covered by SUSE-SA:2005:071. The checks run
    # in the listed order and evaluation stops at the first hit.
    if ( rpm_check( reference:"perl-5.8.7-5.3", release:"SUSE10.0") ||
         rpm_check( reference:"perl-5.8.1-133", release:"SUSE9.0") ||
         rpm_check( reference:"perl-5.8.3-32.9", release:"SUSE9.1") ||
         rpm_check( reference:"perl-5.8.5-3.5", release:"SUSE9.2") ||
         rpm_check( reference:"perl-5.8.6-5.3", release:"SUSE9.3") )
    {
     security_hole(0);
     exit(0);
    }
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-222-2.NASL
    descriptionUSN-222-1 fixed a vulnerability in the Perl interpreter. It was discovered that the version of USN-222-1 was not sufficient to handle all possible cases of malformed input that could lead to arbitrary code execution, so another update is necessary. Original advisory : Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the Perl program. However, this attack was only possible in insecure Perl programs which use variables with user-defined values in string interpolations without checking their validity. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20765
    published2006-01-21
    reporterUbuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/20765
    titleUbuntu 4.10 / 5.04 / 5.10 : perl vulnerability (USN-222-2)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-222-2. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Metadata block: when `description` is true the script registers its
    # identifiers, advisory text and dependencies, then leaves through the
    # exit(0) at the end of the block without running the package checks.
    if (description)
    {
      script_id(20765);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:33:00");
    
      script_cve_id("CVE-2005-3962");
      script_xref(name:"USN", value:"222-2");
    
      script_name(english:"Ubuntu 4.10 / 5.04 / 5.10 : perl vulnerability (USN-222-2)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      # USN-222-2 supersedes USN-222-1: per the text below, the first update
      # did not handle all cases of malformed input.
      script_set_attribute(
        attribute:"description", 
        value:
    "USN-222-1 fixed a vulnerability in the Perl interpreter. It was
    discovered that the version of USN-222-1 was not sufficient to handle
    all possible cases of malformed input that could lead to arbitrary
    code execution, so another update is necessary.
    
    Original advisory :
    
    Jack Louis of Dyad Security discovered that Perl did not sufficiently
    check the explicit length argument in format strings. Specially
    crafted format strings with overly large length arguments led to a
    crash of the Perl interpreter or even to execution of arbitrary
    attacker-defined code with the privileges of the user running the Perl
    program.
    
    However, this attack was only possible in insecure Perl
    programs which use variables with user-defined values in
    string interpolations without checking their validity.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # Local attack vector (AV:L) with partial C/I/A impact; no temporal
      # vector or exploit attributes are set in this plugin.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
    
      # Local (credentialed) check; one CPE per perl-related package, followed
      # by the three Ubuntu releases in scope.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcgi-fast-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libperl-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libperl5.8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-suid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/12");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # Depends on ssh_get_info.nasl and on these knowledge-base keys.
      # NOTE(review): the checks after this block also read
      # "Host/local_checks_enabled", which is not listed here - confirm.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Host checks for Ubuntu 4.10 / 5.04 / 5.10. Variable names are left as they
    # are because top-level NASL variables are script-global and the included
    # libraries are not visible here.

    # Stop unless the knowledge base records that local checks are enabled.
    if ( ! get_kb_item("Host/local_checks_enabled") )
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The release must be one of the three versions covered by USN-222-2.
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) )
    {
      audit(AUDIT_OS_NOT, "Ubuntu");
    }
    release = chomp(release);
    if (! ereg(pattern:"^(4\.10|5\.04|5\.10)$", string:release))
    {
      audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04 / 5.10", "Ubuntu " + release);
    }

    # A collected dpkg list is required for the package comparison.
    if ( ! get_kb_item("Host/Debian/dpkg-l") )
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Only x86_64 and i386-i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    }

    flag = 0;

    # Ubuntu 4.10: package version 5.8.4-2ubuntu0.6
    if (ubuntu_check(osver:"4.10", pkgname:"libcgi-fast-perl", pkgver:"5.8.4-2ubuntu0.6")) { flag++; }
    if (ubuntu_check(osver:"4.10", pkgname:"libperl-dev", pkgver:"5.8.4-2ubuntu0.6")) { flag++; }
    if (ubuntu_check(osver:"4.10", pkgname:"libperl5.8", pkgver:"5.8.4-2ubuntu0.6")) { flag++; }
    if (ubuntu_check(osver:"4.10", pkgname:"perl", pkgver:"5.8.4-2ubuntu0.6")) { flag++; }
    if (ubuntu_check(osver:"4.10", pkgname:"perl-base", pkgver:"5.8.4-2ubuntu0.6")) { flag++; }
    if (ubuntu_check(osver:"4.10", pkgname:"perl-debug", pkgver:"5.8.4-2ubuntu0.6")) { flag++; }
    if (ubuntu_check(osver:"4.10", pkgname:"perl-doc", pkgver:"5.8.4-2ubuntu0.6")) { flag++; }
    if (ubuntu_check(osver:"4.10", pkgname:"perl-modules", pkgver:"5.8.4-2ubuntu0.6")) { flag++; }
    if (ubuntu_check(osver:"4.10", pkgname:"perl-suid", pkgver:"5.8.4-2ubuntu0.6")) { flag++; }

    # Ubuntu 5.04: package version 5.8.4-6ubuntu1.2
    if (ubuntu_check(osver:"5.04", pkgname:"libcgi-fast-perl", pkgver:"5.8.4-6ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.04", pkgname:"libperl-dev", pkgver:"5.8.4-6ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.04", pkgname:"libperl5.8", pkgver:"5.8.4-6ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.04", pkgname:"perl", pkgver:"5.8.4-6ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.04", pkgname:"perl-base", pkgver:"5.8.4-6ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.04", pkgname:"perl-debug", pkgver:"5.8.4-6ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.04", pkgname:"perl-doc", pkgver:"5.8.4-6ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.04", pkgname:"perl-modules", pkgver:"5.8.4-6ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.04", pkgname:"perl-suid", pkgver:"5.8.4-6ubuntu1.2")) { flag++; }

    # Ubuntu 5.10: package version 5.8.7-5ubuntu1.2
    if (ubuntu_check(osver:"5.10", pkgname:"libcgi-fast-perl", pkgver:"5.8.7-5ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.10", pkgname:"libperl-dev", pkgver:"5.8.7-5ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.10", pkgname:"libperl5.8", pkgver:"5.8.7-5ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.10", pkgname:"perl", pkgver:"5.8.7-5ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.10", pkgname:"perl-base", pkgver:"5.8.7-5ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.10", pkgname:"perl-debug", pkgver:"5.8.7-5ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.10", pkgname:"perl-doc", pkgver:"5.8.7-5ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.10", pkgname:"perl-modules", pkgver:"5.8.7-5ubuntu1.2")) { flag++; }
    if (ubuntu_check(osver:"5.10", pkgname:"perl-suid", pkgver:"5.8.7-5ubuntu1.2")) { flag++; }

    if (!flag)
    {
      # Nothing flagged: distinguish "tested but not affected" from
      # "package not installed".
      tested = ubuntu_pkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "libcgi-fast-perl / libperl-dev / libperl5.8 / perl / perl-base / etc");
      }
    }
    else
    {
      # At least one package flagged: report at warning severity with the
      # package details attached.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2005-1145.NASL
    descriptiono Updated upstream fix for sprintf integer overflow vulnerabilities CVE-2005-3962 and CVE-2005-3912, including new Sys::Syslog 0.08 o Updated fix for bug 136009 / MakeMaker LD_RUN_PATH issue: restore previous default Red Hat behavior of removing the MakeMaker generated LD_RUN_PATH setting from the link command . Document this removal, as it contravenes upstream default behavior, and provide a USE_MM_LD_RUN_PATH MakeMaker member to enable use of the MakeMaker generated LD_RUN_PATH . Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id20310
    published2005-12-15
    reporterThis script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/20310
    titleFedora Core 3 : perl-5.8.5-22.FC3 (2005-1145)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-1145.
    #
    
    include("compat.inc");
    
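    # Metadata block: when `description` is true the script registers its
    # identifiers, advisory text and dependencies, then leaves through the
    # exit(0) at the end of the block without running the package checks.
    if (description)
    {
      script_id(20310);
      script_version ("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      # The advisory text below names CVE-2005-3962 and CVE-2005-3912 as the
      # flaws fixed by this update, but no CVE identifier was registered.
      # Registering both makes CVE-keyed reports include this plugin.
      script_cve_id("CVE-2005-3912", "CVE-2005-3962");
      script_bugtraq_id(15629);
      script_xref(name:"FEDORA", value:"2005-1145");
    
      script_name(english:"Fedora Core 3 : perl-5.8.5-22.FC3 (2005-1145)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "o Updated upstream fix for sprintf integer overflow vulnerabilities
    CVE-2005-3962 and CVE-2005-3912, including new Sys::Syslog 0.08
    
    o Updated fix for bug 136009 / MakeMaker LD_RUN_PATH issue: restore
    previous default Red Hat behavior of removing the MakeMaker generated
    LD_RUN_PATH setting from the link command . Document this removal, as
    it contravenes upstream default behavior, and provide a
    USE_MM_LD_RUN_PATH MakeMaker member to enable use of the MakeMaker
    generated LD_RUN_PATH .
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-December/001659.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?750f7f52"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected perl, perl-debuginfo and / or perl-suidperl
    packages."
      );
      # NOTE(review): this vector (adjacent network, availability impact only)
      # and the "no known exploits" attributes below differ from the values
      # other plugins carry for the same two CVEs (partial C/I/A impact,
      # exploits available). Confirm the scoring before relying on this
      # plugin's severity for prioritisation.
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Local (credentialed) check covering the three perl packages on Fedora Core 3.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # Depends on ssh_get_info.nasl and on these knowledge-base keys being set;
      # the same keys are read again by the checks after this block.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }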
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host checks for Fedora Core 3. Variable names are left as they are because
    # top-level NASL variables are script-global and the included libraries are
    # not visible here.

    # Stop unless the knowledge base records that local checks are enabled.
    if (!get_kb_item("Host/local_checks_enabled"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    }

    # The release string must mention Fedora and carry a numeric release.
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release)
    {
      audit(AUDIT_OS_NOT, "Fedora");
    }
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver))
    {
      audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    }
    os_ver = os_ver[1];

    # Only release 3 is in scope for this advisory.
    if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver))
    {
      audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);
    }

    # A collected rpm list is required for the package comparison.
    if (!get_kb_item("Host/RedHat/rpm-list"))
    {
      audit(AUDIT_PACKAGE_LIST_MISSING);
    }

    # Only x86_64 and i386-i686 hosts are handled.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu))
    {
      audit(AUDIT_UNKNOWN_ARCH);
    }
    if (!("x86_64" >< cpu || cpu =~ "^i[3-6]86$"))
    {
      audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    }

    # Count every package for which rpm_check returns true against the
    # advisory's reference version.
    flag = 0;
    if (rpm_check(release:"FC3", reference:"perl-5.8.5-22.FC3"))
    {
      flag++;
    }
    if (rpm_check(release:"FC3", reference:"perl-debuginfo-5.8.5-22.FC3"))
    {
      flag++;
    }
    if (rpm_check(release:"FC3", reference:"perl-suidperl-5.8.5-22.FC3"))
    {
      flag++;
    }

    if (!flag)
    {
      # Nothing flagged: distinguish "tested but not affected" from
      # "package not installed".
      tested = pkg_tests_get();
      if (tested)
      {
        audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      }
      else
      {
        audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-debuginfo / perl-suidperl");
      }
    }
    else
    {
      # At least one package flagged. The finding is raised with
      # security_note, the call this plugin has always used.
      # NOTE(review): the Fedora Core 4 plugin for the same CVEs reports with
      # security_hole - confirm the intended severity.
      if (report_verbosity > 0)
      {
        security_note(port:0, extra:rpm_report_get());
      }
      else
      {
        security_note(0);
      }
      exit(0);
    }
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_119985-02.NASL
    description: SunOS 5.10: perl patch. Date this patch was last updated by Sun : Feb/27/06
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107352
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107352
    title: Solaris 10 (sparc) : 119985-02
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Registration pass: when `description` is set, only the metadata below is
    # recorded and exit(0) returns before any host data is read.
    if (description)
    {
      script_id(107352);
      script_version("1.6");
      script_cvs_date("Date: 2019/10/25 13:36:23");
    
      # The description text below only names the Sun patch; this CVE id is what
      # ties the plugin to the Perl format-string integer overflow.
      script_cve_id("CVE-2005-3962");
    
      script_name(english:"Solaris 10 (sparc) : 119985-02");
      script_summary(english:"Check for patch 119985-02");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 119985-02"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.10: perl patch.
    Date this patch was last updated by Sun : Feb/27/06"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://download.oracle.com/sunalerts/1000809.1.html"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 119985-02");
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local" marks a credentialed check that works from data gathered on the host.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:119985");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      # The patch dates from 2006 while the plugin was published in 2018.
      script_set_attribute(attribute:"patch_publication_date", value:"2006/02/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_end_attributes();
    
      # ACT_GATHER_INFO: the plugin only collects and evaluates information.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      # The KB keys required here are presumably filled in by ssh_get_info.nasl;
      # without them the check body is not run.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
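    # Host gating for Solaris 10 on sparc. All facts come from the `showrev`
    # output cached in the KB; each failed precondition calls audit(), which
    # records the reason and ends the script.
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    # Group 1 is the full release ("5.10"), group 2 the part after the dot.
    # The dot is escaped so that only a literal "major.minor" form matches.
    os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "sparc") audit(AUDIT_ARCH_NOT, "sparc", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Start the counter explicitly, as the rpm-based checks on this page do,
    # instead of relying on an unset variable behaving like zero.
    flag = 0;
    # A negative result from solaris_check_patch() is counted as a package that
    # lacks patch 119985-02. `obsoleted_by` presumably names later patches that
    # also satisfy the check (solaris.inc is not shown here).
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119985-02", obsoleted_by:"120011-14 120473-05 ", package:"SUNWperl584core", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119985-02", obsoleted_by:"120011-14 120473-05 ", package:"SUNWperl584usr", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
    if (solaris_check_patch(release:"5.10", arch:"sparc", patch:"119985-02", obsoleted_by:"120011-14 120473-05 ", package:"SUNWpl5u", version:"11.10.0,REV=2005.01.21.15.53") < 0) flag++;
    
    if (flag) {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : solaris_get_report()
      );
    } else {
      # Nothing flagged: say whether the patch is installed, the packages are
      # unaffected, or none of the listed packages is present.
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWperl584core / SUNWperl584usr / SUNWpl5u");
    }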
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2005-880.NASL
    description: Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities and Web programming. An integer overflow bug was found in Perl
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21974
    published: 2006-07-05
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21974
    title: CentOS 4 : perl (CESA-2005:880)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:880 and 
    # CentOS Errata and Security Advisory 2005:880 respectively.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, only the metadata below is
    # recorded and exit(0) returns before any host data is read.
    if (description)
    {
      script_id(21974);
      script_version("1.16");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      # Cross-references: the CVE, its Bugtraq id and the Red Hat advisory the
      # CentOS erratum was derived from.
      script_cve_id("CVE-2005-3962");
      script_bugtraq_id(15629);
      script_xref(name:"RHSA", value:"2005:880");
    
      script_name(english:"CentOS 4 : perl (CESA-2005:880)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      # Advisory text. Note the stated precondition: the flaw is reachable only
      # through a script that passes untrusted strings to the format processor.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated Perl packages that fix security issues and bugs are now
    available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Perl is a high-level programming language commonly used for system
    administration utilities and Web programming.
    
    An integer overflow bug was found in Perl's format string processor.
    It is possible for an attacker to cause perl to crash or execute
    arbitrary code if the attacker is able to process a malicious format
    string. This issue is only exploitable through a script which passes
    arbitrary untrusted strings to the format string processor. The Common
    Vulnerabilities and Exposures project assigned the name CVE-2005-3962
    to this issue.
    
    Users of Perl are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues as well as fixes
    for several bugs."
      );
      # Each see_also value is a shortened link; the comment above it gives the
      # announcement URL it stands for.
      # https://lists.centos.org/pipermail/centos-announce/2005-December/012497.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a2501452"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-December/012521.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a15b784f"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-December/012522.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b462d583"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected perl packages.");
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal vector: exploit unproven, official fix available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      # NOTE(review): these two values are feed metadata as of the plugin's last
      # revision; they are not evidence that the flaw cannot be exploited.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" marks a credentialed check that works from data gathered on the host.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/22");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/05");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # ACT_GATHER_INFO: the plugin only collects and evaluates information.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      # The KB keys required here are presumably filled in by ssh_get_info.nasl;
      # without them the check body is not run.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host gating. Each failed precondition calls audit(), which records why the
    # check did not apply and ends the script, so the package comparison below
    # only runs for a credentialed scan of a CentOS 4 host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    # `>!<` is NASL's "is not a substring of" operator.
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    # Capture group 1 is the major release; " Linux" after "CentOS" is optional.
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    # Accepts "4" alone or "4" followed by a non-digit, so "40" is rejected.
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 4.x", "CentOS " + os_ver);
    
    # The comparison uses the rpm list stored in the KB, not a live query.
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64, ia64 and i386..i686 hosts are evaluated.
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    # Each truthy rpm_check() result is counted as a package that still needs the
    # update (presumably: installed build older than the reference; rpm_check()
    # is defined in rpm.inc, which is not shown here).
    # The registered description says the fix was backported, so the release
    # suffix (-24.RHEL4) rather than the upstream Perl version marks a fixed build.
    flag = 0;
    if (rpm_check(release:"CentOS-4", reference:"perl-5.8.5-24.RHEL4")) flag++;
    if (rpm_check(release:"CentOS-4", reference:"perl-suidperl-5.8.5-24.RHEL4")) flag++;
    
    
    if (flag)
    {
      # Report at warning level with the rpm comparison details attached.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Nothing flagged: distinguish "packages present and current" from
      # "none of the listed packages installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-suidperl");
    }
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-881.NASL
    description: Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities and Web programming. An integer overflow bug was found in Perl
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20367
    published: 2005-12-30
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/20367
    title: RHEL 3 : perl (RHSA-2005:881)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:881. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, only the metadata below is
    # recorded and exit(0) returns before any host data is read.
    if (description)
    {
      script_id(20367);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      # One advisory, three CVEs: the finding covers all of them at once, so a
      # hit does not say which of the three applies to a given host.
      script_cve_id("CVE-2004-0976", "CVE-2005-0448", "CVE-2005-3962");
      script_xref(name:"RHSA", value:"2005:881");
    
      script_name(english:"RHEL 3 : perl (RHSA-2005:881)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # Advisory text, covering the format-string integer overflow, the
      # File::Path::rmtree issue and the temporary-file issues.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated Perl packages that fix security issues and bugs are now
    available for Red Hat Enterprise Linux 3.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Perl is a high-level programming language commonly used for system
    administration utilities and Web programming.
    
    An integer overflow bug was found in Perl's format string processor.
    It is possible for an attacker to cause perl to crash or execute
    arbitrary code if the attacker is able to process a malicious format
    string. This issue is only exploitable through a script wich passes
    arbitrary untrusted strings to the format string processor. The Common
    Vulnerabilities and Exposures project assigned the name CVE-2005-3962
    to this issue.
    
    Paul Szabo discovered a bug in the way Perl's File::Path::rmtree
    module removed directory trees. If a local user has write permissions
    to a subdirectory within the tree being removed by File::Path::rmtree,
    it is possible for them to create setuid binary files. (CVE-2005-0448)
    
    Solar Designer discovered several temporary file bugs in various Perl
    modules. A local attacker could overwrite or create files as the user
    running a Perl script that uses a vulnerable module. (CVE-2004-0976)
    
    Users of Perl are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues as well as fixes
    for several bugs."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2004-0976"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-0448"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3962"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:881"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # A single CVSS v2 base vector is registered for the whole advisory: local
      # access, low complexity, no authentication, partial C/I/A impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal vector: exploit unproven, official fix available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      # NOTE(review): these two values are feed metadata as of the plugin's last
      # revision; they are not evidence that the flaws cannot be exploited.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" marks a credentialed check that works from data gathered on the host.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CGI");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-CPAN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-DB_File");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:3");
    
      # The vulnerability date precedes the 2005/12/01 date the CentOS listing on
      # this page gives for CVE-2005-3962 alone; presumably it belongs to one of
      # the two older CVEs bundled here.
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # ACT_GATHER_INFO: the plugin only collects and evaluates information.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # The KB keys required here are presumably filled in by ssh_get_info.nasl;
      # without them the check body is not run.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Host gating. Each failed precondition calls audit(), which records why the
    # check did not apply and ends the script, so the evaluation below only runs
    # for a credentialed scan of a Red Hat Enterprise Linux 3 host.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "is not a substring of" operator.
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Capture group 1 is the release number, with an optional ".minor" part.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Accepts "3" alone or "3" followed by a non-digit (e.g. "3.9"), not "30".
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 3.x", "Red Hat " + os_ver);
    
    # The rpm comparison uses the rpm list stored in the KB, not a live query.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64, i386..i686 and s390-family hosts are evaluated.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two evaluation paths: when the host's yum updateinfo was collected, the
    # verdict comes from that data alone; otherwise package versions are compared.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:881";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # NOTE(review): on this path the rpm_check() comparison below is never
        # reached, so "not affected" rests entirely on what
        # redhat_generate_yum_updateinfo_report() found. Confirm that stale or
        # partial updateinfo on the host cannot hide a missing update.
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Each truthy rpm_check() result is counted as a package that still needs
      # the update (presumably: installed build older than the reference;
      # rpm_check() is defined in rpm.inc, which is not shown here).
      flag = 0;
      if (rpm_check(release:"RHEL3", reference:"perl-5.8.0-90.4")) flag++;
      if (rpm_check(release:"RHEL3", reference:"perl-CGI-2.89-90.4")) flag++;
      if (rpm_check(release:"RHEL3", reference:"perl-CPAN-1.61-90.4")) flag++;
      if (rpm_check(release:"RHEL3", reference:"perl-DB_File-1.806-90.4")) flag++;
      if (rpm_check(release:"RHEL3", reference:"perl-suidperl-5.8.0-90.4")) flag++;
    
      if (flag)
      {
        # Report at warning level; the rpm details are followed by the text
        # returned by redhat_report_package_caveat().
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # Nothing flagged: distinguish "packages present and current" from
        # "none of the listed packages installed".
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-CGI / perl-CPAN / perl-DB_File / perl-suidperl");
      }
    }
    
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRAKE_MDKSA-2005-225.NASL
    description: Jack Louis discovered a new way to exploit format string errors in the Perl programming language that could lead to the execution of arbitrary code. The updated packages are patched to close the particular exploit vector in Perl itself, to mitigate the risk of format string programming errors, however it does not fix problems that may exist in particular pieces of software written in Perl.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20456
    published: 2006-01-15
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/20456
    title: Mandrake Linux Security Advisory : perl (MDKSA-2005:225)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Mandrake Linux Security Advisory MDKSA-2005:225. 
    # The text itself is copyright (C) Mandriva S.A.
    #
    
    include("compat.inc");
    
    # Registration pass: when `description` is set, only the metadata below is
    # recorded and exit(0) returns before any host data is read.
    if (description)
    {
      script_id(20456);
      script_version ("1.18");
      script_cvs_date("Date: 2019/08/02 13:32:48");
    
      # Cross-references: the CVE, its Bugtraq id and the vendor advisory.
      script_cve_id("CVE-2005-3962");
      script_bugtraq_id(15629);
      script_xref(name:"MDKSA", value:"2005:225");
    
      script_name(english:"Mandrake Linux Security Advisory : perl (MDKSA-2005:225)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Mandrake Linux host is missing one or more security
    updates."
      );
      # Advisory text. Its scope statement matters for remediation: the update
      # closes the vector inside Perl, but format-string errors in individual
      # Perl programs are explicitly left unfixed.
      script_set_attribute(
        attribute:"description", 
        value:
    "Jack Louis discovered a new way to exploit format string errors in the
    Perl programming language that could lead to the execution of
    arbitrary code.
    
    The updated packages are patched to close the particular exploit
    vector in Perl itself, to mitigate the risk of format string
    programming errors, however it does not fix problems that may exist in
    particular pieces of software written in Perl."
      );
      # The see_also value is a shortened link; the comment gives its destination.
      # http://www.dyadsecurity.com/perl-0002.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a844180b"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      # Temporal vector: exploit unproven, official fix available, report
      # confidence not defined.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
      # NOTE(review): these two values are feed metadata as of the plugin's last
      # revision; they are not evidence that the flaw cannot be exploited.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local" marks a credentialed check that works from data gathered on the host.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:mandriva:linux:perl-suid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandrakesoft:mandrake_linux:10.1");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:mandriva:linux:2006");
      script_set_attribute(attribute:"cpe", value:"x-cpe:/o:mandrakesoft:mandrake_linux:le2005");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/08");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/15");
      script_end_attributes();
    
      # ACT_GATHER_INFO: the plugin only collects and evaluates information.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Mandriva Local Security Checks");
    
      # The KB keys required here are presumably filled in by ssh_get_info.nasl;
      # without them the check body is not run.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/Mandrake/release", "Host/Mandrake/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
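    # Host gating. Each failed precondition calls audit(), which records why the
    # check did not apply and ends the script. The release is only tested for
    # presence; which product release applies is left to the `release:` argument
    # of each rpm_check() call below.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    # Audit text spelled the same way as in the architecture gate below
    # (the original read "Mandake").
    if (!get_kb_item("Host/Mandrake/release")) audit(AUDIT_OS_NOT, "Mandriva / Mandrake Linux");
    if (!get_kb_item("Host/Mandrake/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only amd64, x86_64 and i386..i686 hosts are evaluated.
    if (cpu !~ "^(amd64|i[3-6]86|x86_64)$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Mandriva / Mandrake Linux", cpu);
    
    
    # Each truthy rpm_check() result is counted as a package that still needs the
    # update (presumably: installed build older than the reference; rpm_check()
    # and its `yank` argument are defined in rpm.inc, which is not shown here).
    # One group of reference builds per supported release.
    flag = 0;
    if (rpm_check(release:"MDK10.1", reference:"perl-5.8.5-3.5.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"perl-base-5.8.5-3.5.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"perl-devel-5.8.5-3.5.101mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.1", reference:"perl-doc-5.8.5-3.5.101mdk", yank:"mdk")) flag++;
    
    if (rpm_check(release:"MDK10.2", reference:"perl-5.8.6-6.2.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"perl-base-5.8.6-6.2.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"perl-devel-5.8.6-6.2.102mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK10.2", reference:"perl-doc-5.8.6-6.2.102mdk", yank:"mdk")) flag++;
    
    # NOTE(review): perl-suid is compared only for MDK2006.0, presumably because
    # the advisory lists it for that release alone; verify against MDKSA-2005:225.
    if (rpm_check(release:"MDK2006.0", reference:"perl-5.8.7-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"perl-base-5.8.7-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"perl-devel-5.8.7-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"perl-doc-5.8.7-3.2.20060mdk", yank:"mdk")) flag++;
    if (rpm_check(release:"MDK2006.0", reference:"perl-suid-5.8.7-3.2.20060mdk", yank:"mdk")) flag++;
    
    
    if (flag)
    {
      # With report verbosity above 0 the rpm comparison details are attached.
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    # Unlike the other rpm-based checks on this page, a clean result is not
    # split into "not affected" and "not installed".
    else audit(AUDIT_HOST_NOT, "affected");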
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_122082-01.NASL
    description: SunOS 5.10_x86: perl format string patch. Date this patch was last updated by Sun : Feb/23/06
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 107879
    published: 2018-03-12
    reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/107879
    title: Solaris 10 (x86) : 122082-01
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text in this plugin was
    # extracted from the Oracle SunOS Patch Updates.
    #
    include("compat.inc");
    
    # Registration pass: when `description` is set, only the metadata below is
    # recorded and exit(0) returns before any host data is read.
    if (description)
    {
      script_id(107879);
      script_version("1.7");
      script_cvs_date("Date: 2019/10/25 13:36:23");
    
      # The description text below only names the Sun patch; this CVE id is what
      # ties the plugin to the Perl format-string integer overflow.
      script_cve_id("CVE-2005-3962");
    
      script_name(english:"Solaris 10 (x86) : 122082-01");
      script_summary(english:"Check for patch 122082-01");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote host is missing Sun Security Patch number 122082-01"
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "SunOS 5.10_x86: perl format string patch.
    Date this patch was last updated by Sun : Feb/23/06"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://download.oracle.com/sunalerts/1000809.1.html"
      );
      script_set_attribute(attribute:"solution", value:"Install patch 122082-01");
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local" marks a credentialed check that works from data gathered on the host.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:10:122082");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:10");
    
      # The patch dates from 2006 while the plugin was published in 2018.
      script_set_attribute(attribute:"patch_publication_date", value:"2006/02/23");
      script_set_attribute(attribute:"plugin_publication_date", value:"2018/03/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      # ACT_GATHER_INFO: the plugin only collects and evaluates information.
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Solaris Local Security Checks");
    
      # The KB keys required here are presumably filled in by ssh_get_info.nasl;
      # without them the check body is not run.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Solaris/showrev");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("solaris.inc");
    
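    # Host gating for Solaris 10 on x86. All facts come from the `showrev`
    # output cached in the KB; each failed precondition calls audit(), which
    # records the reason and ends the script.
    showrev = get_kb_item("Host/Solaris/showrev");
    if (empty_or_null(showrev)) audit(AUDIT_OS_NOT, "Solaris");
    # Group 1 is the full release ("5.10"), group 2 the part after the dot.
    # The dot is escaped so that only a literal "major.minor" form matches.
    os_ver = pregmatch(pattern:"Release: (\d+\.(\d+))", string:showrev);
    if (empty_or_null(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Solaris");
    full_ver = os_ver[1];
    os_level = os_ver[2];
    if (full_ver != "5.10") audit(AUDIT_OS_NOT, "Solaris 10", "Solaris " + os_level);
    package_arch = pregmatch(pattern:"Application architecture: (\w+)", string:showrev);
    if (empty_or_null(package_arch)) audit(AUDIT_UNKNOWN_ARCH);
    package_arch = package_arch[1];
    if (package_arch != "i386") audit(AUDIT_ARCH_NOT, "i386", package_arch);
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    
    # Start the counter explicitly, as the rpm-based checks on this page do,
    # instead of relying on an unset variable behaving like zero.
    flag = 0;
    # A negative result from solaris_check_patch() is counted as a package that
    # lacks patch 122082-01. `obsoleted_by` presumably names later patches that
    # also satisfy the check (solaris.inc is not shown here).
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"122082-01", obsoleted_by:"120012-14 120037-15 ", package:"SUNWperl584core", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++;
    if (solaris_check_patch(release:"5.10_x86", arch:"i386", patch:"122082-01", obsoleted_by:"120012-14 120037-15 ", package:"SUNWperl584usr", version:"11.10.0,REV=2005.01.21.16.34") < 0) flag++;
    
    if (flag) {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : solaris_get_report()
      );
    } else {
      # Nothing flagged: say whether the patch is installed, the packages are
      # unaffected, or none of the listed packages is present.
      patch_fix = solaris_patch_fix_get();
      if (!empty_or_null(patch_fix)) audit(AUDIT_PATCH_INSTALLED, patch_fix, "Solaris 10");
      tested = solaris_pkg_tests_get();
      if (!empty_or_null(tested)) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      audit(AUDIT_PACKAGE_NOT_INSTALLED, "SUNWperl584core / SUNWperl584usr");
    }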
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-1144.NASL
    description: o Updated upstream fix for sprintf integer overflow vulnerabilities CVE-2005-3962 and CVE-2005-3912, including new Sys::Syslog 0.08 o Updated fix for bug 136009 / MakeMaker LD_RUN_PATH issue: restore previous default Red Hat behavior of removing the MakeMaker generated LD_RUN_PATH setting from the link command. Document this removal, as it contravenes upstream default behavior, and provide a USE_MM_LD_RUN_PATH MakeMaker member to enable use of the MakeMaker generated LD_RUN_PATH. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20309
    published: 2005-12-15
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/20309
    title: Fedora Core 4 : perl-5.8.6-22 (2005-1144)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-1144.
    #
    
    include("compat.inc");
    
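    if (description)
    {
      # Registration pass: the scanner sets `description` while it loads plugin
      # metadata, so this block only records attributes and then exits; the host
      # check later in the script is not reached during this pass.
      script_id(20309);
      script_version ("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      # The advisory text below names both CVEs. Registering them lets CVE-keyed
      # searches and vulnerability-management correlation find this plugin.
      script_cve_id("CVE-2005-3962", "CVE-2005-3912");
      script_bugtraq_id(15629);
      script_xref(name:"FEDORA", value:"2005-1144");
    
      script_name(english:"Fedora Core 4 : perl-5.8.6-22 (2005-1144)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      # Advisory text, kept verbatim from the Fedora announcement.
      script_set_attribute(
        attribute:"description", 
        value:
    "o Updated upstream fix for sprintf integer overflow vulnerabilities
    CVE-2005-3962 and CVE-2005-3912, including new Sys::Syslog 0.08
    
    o Updated fix for bug 136009 / MakeMaker LD_RUN_PATH issue: restore
    previous default Red Hat behavior of removing the MakeMaker generated
    LD_RUN_PATH setting from the link command .Document this removal, as
    it contravenes upstream default behavior, and provide a
    USE_MM_LD_RUN_PATH MakeMaker member to enable use of the MakeMaker
    generated LD_RUN_PATH .
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-December/001658.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?1c082253"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected perl, perl-debuginfo and / or perl-suidperl
    packages."
      );
      # NOTE(review): this vector (adjacent network, availability impact only)
      # rates the finding lower than the AV:L/AC:L/Au:N/C:P/I:P/A:P vector that
      # other plugins on this page carry for CVE-2005-3962 - confirm before
      # relying on it for prioritisation.
      script_set_cvss_base_vector("CVSS2#AV:A/AC:L/Au:N/C:N/I:N/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:ND");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # Local (credentialed) check covering the three Fedora Core 4 packages
      # that the host check compares.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:4");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/14");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/15");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");
    
      # The host check needs the KB entries produced by the SSH information
      # gathering plugin: local checks enabled, the release string, the rpm list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }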
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check. As written, this part only reads knowledge-base (KB) items from
    # an authenticated scan and calls rpm.inc helpers to compare package builds;
    # it does not exercise Perl's format-string code on the target.
    # Without local (credentialed) checks the plugin stops here, so "no finding"
    # on an unauthenticated scan is not evidence that the host is patched.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "substring not found" test: stop unless the release string
    # mentions Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Capture the major release number from the release string.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # Only Fedora Core 4 is in scope; the ([^0-9]|$) guard keeps "40" and the
    # like from matching.
    if (! ereg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 4.x", "Fedora " + os_ver);
    
    # No package inventory means nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Restrict the check to x86_64 and i386..i686 hosts.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # rpm_check() comes from rpm.inc; presumably it is true when the named
    # package is installed on FC4 in a build older than the reference - confirm
    # there. 5.8.6-22 is the fixed build named in the plugin title.
    flag = 0;
    if (rpm_check(release:"FC4", reference:"perl-5.8.6-22")) flag++;
    if (rpm_check(release:"FC4", reference:"perl-debuginfo-5.8.6-22")) flag++;
    if (rpm_check(release:"FC4", reference:"perl-suidperl-5.8.6-22")) flag++;
    
    
    # NOTE(review): security_note() is used here, while other plugins on this
    # page report the same CVE through security_warning() or security_hole() -
    # confirm the resulting severity fits your triage policy.
    if (flag)
    {
      # Attach the per-package details when verbose reporting is enabled.
      if (report_verbosity > 0) security_note(port:0, extra:rpm_report_get());
      else security_note(0);
      exit(0);
    }
    else
    {
      # Distinguish "installed and up to date" from "none of the packages installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-debuginfo / perl-suidperl");
    }
    
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-200512-01.NASL
    description: The remote host is affected by the vulnerability described in GLSA-200512-01 (Perl: Format string errors can lead to code execution) Jack Louis discovered a new way to exploit format string errors in Perl that could lead to the execution of arbitrary code. This is performed by causing an integer wrap overflow in the efix variable inside the function Perl_sv_vcatpvfn. The proposed fix closes that specific exploitation vector to mitigate the risk of format string programming errors in Perl. This fix does not remove the need to fix such errors in Perl code. Impact : Perl applications making improper use of printf functions (or derived functions) using untrusted data may be vulnerable to the already-known forms of Perl format string exploits and also to the execution of arbitrary code. Workaround : Fix all misbehaving Perl applications so that they make proper use of the printf and derived Perl functions.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20280
    published: 2005-12-08
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/20280
    title: GLSA-200512-01 : Perl: Format string errors can lead to code execution
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Gentoo Linux Security Advisory GLSA 200512-01.
    #
    # The advisory text is Copyright (C) 2001-2018 Gentoo Foundation, Inc.
    # and licensed under the Creative Commons - Attribution / Share Alike 
    # license. See http://creativecommons.org/licenses/by-sa/3.0/
    #
    
    include("compat.inc");
    
    if (description)
    {
      # Registration pass: the scanner sets `description` while it loads plugin
      # metadata, so this block only records attributes and then exits.
      script_id(20280);
      script_version("1.16");
      script_cvs_date("Date: 2019/08/02 13:32:43");
    
      script_cve_id("CVE-2005-3962");
      script_xref(name:"GLSA", value:"200512-01");
    
      script_name(english:"GLSA-200512-01 : Perl: Format string errors can lead to code execution");
      script_summary(english:"Checks for updated package(s) in /var/db/pkg");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Gentoo host is missing one or more security-related
    patches."
      );
      # Advisory text, kept verbatim. Note its scope: the fix closes the
      # integer-wrap vector in Perl_sv_vcatpvfn only. Perl code that passes
      # untrusted data as a printf-style format still has to be corrected, so a
      # clean result from this plugin does not clear the applications themselves.
      script_set_attribute(
        attribute:"description", 
        value:
    "The remote host is affected by the vulnerability described in GLSA-200512-01
    (Perl: Format string errors can lead to code execution)
    
        Jack Louis discovered a new way to exploit format string errors in
        Perl that could lead to the execution of arbitrary code. This is
        perfomed by causing an integer wrap overflow in the efix variable
        inside the function Perl_sv_vcatpvfn. The proposed fix closes that
        specific exploitation vector to mitigate the risk of format string
        programming errors in Perl. This fix does not remove the need to fix
        such errors in Perl code.
      
    Impact :
    
        Perl applications making improper use of printf functions (or
        derived functions) using untrusted data may be vulnerable to the
        already-known forms of Perl format string exploits and also to the
        execution of arbitrary code.
      
    Workaround :
    
        Fix all misbehaving Perl applications so that they make proper use
        of the printf and derived Perl functions."
      );
      # http://www.dyadsecurity.com/perl-0002.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a844180b"
      );
      # http://www.securityfocus.com/archive/1/418460/30/30
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.securityfocus.com/archive/1/418460/30/30"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security.gentoo.org/glsa/200512-01"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "All Perl users should upgrade to the latest version:
        # emerge --sync
        # emerge --ask --oneshot --verbose dev-lang/perl"
      );
      # Local attack vector with partial confidentiality, integrity and
      # availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/07");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/08");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Gentoo Local Security Checks");
    
      # The host check needs credentialed local checks plus the Gentoo release
      # and package-list KB entries.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("qpkg.inc");
    
    # Host check. As written, this part only reads knowledge-base (KB) items from
    # an authenticated scan and compares the installed dev-lang/perl version; it
    # does not exercise Perl's format-string code. Each precondition below ends
    # the plugin through audit(), so a missing result on an unauthenticated scan
    # is not evidence that the host is patched.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
    if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    
    # As the arguments read: versions below 5.8.7-r3 are vulnerable, while
    # 5.8.7-r3 or later and 5.8.6 at revision r8 or later are unaffected ("rge"
    # is presumably a same-version, revision-or-later comparison - confirm in
    # qpkg.inc).
    if (qpkg_check(package:"dev-lang/perl", unaffected:make_list("ge 5.8.7-r3", "rge 5.8.6-r8"), vulnerable:make_list("lt 5.8.7-r3"))) flag++;
    
    if (flag)
    {
      # Attach the package details when verbose reporting is enabled.
      if (report_verbosity > 0) security_warning(port:0, extra:qpkg_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      # Distinguish "installed and unaffected" from "Perl not installed".
      tested = qpkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Perl");
    }
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_119985.NASL
    description: SunOS 5.10: perl patch. Date this patch was last updated by Sun : Feb/27/06
    last seen: 2018-09-01
    modified: 2018-08-13
    plugin id: 21006
    published: 2006-03-06
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=21006
    title: Solaris 10 (sparc) : 119985-02
    code
    #%NASL_MIN_LEVEL 80502
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a recommended security fix.
    #
    # Disabled on 2011/10/24.
    #
    
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    # Engine gate: stop immediately when the scanner does not provide the
    # bn_random built-in (presumably a proxy for a minimum engine version -
    # confirm).
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    # Registration pass: record the plugin metadata, then exit.
    if(description)
    {
     script_id(21006);
     script_version("1.28");
    
     script_name(english: "Solaris 10 (sparc) : 119985-02");
     script_cve_id("CVE-2005-3962");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 119985-02");
     script_set_attribute(attribute: "description", value:
    'SunOS 5.10: perl patch.
    Date this patch was last updated by Sun : Feb/27/06');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "http://download.oracle.com/sunalerts/1000809.1.html");
     # Local attack vector with partial confidentiality, integrity and
     # availability impact.
     script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
     script_set_attribute(attribute:"plugin_publication_date", value: "2006/03/06");
     script_cvs_date("Date: 2019/10/25 13:36:23");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/12/01");
     script_end_attributes();
    
     script_summary(english: "Check for patch 119985-02");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    # Deprecated: this exit is unconditional, so no host data is ever evaluated.
    # A scan with no output from plugin 21006 therefore says nothing about
    # whether patch 119985-02 is installed on the host.
    exit(0, "The associated patch is not currently a recommended security fix.");
    
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2005-881.NASL
    description: Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 3. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities and Web programming. An integer overflow bug was found in Perl's format string processor.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 21877
    published: 2006-07-03
    reporter: This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/21877
    title: CentOS 3 : perl (CESA-2005:881)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:881 and 
    # CentOS Errata and Security Advisory 2005:881 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      # Registration pass: the scanner sets `description` while it loads plugin
      # metadata, so this block only records attributes and then exits.
      script_id(21877);
      script_version("1.18");
      script_cvs_date("Date: 2019/10/25 13:36:03");
    
      # Three issues are bundled in this update; CVE-2005-3962 is the
      # format-string integer overflow, the other two are described in the
      # advisory text below.
      script_cve_id("CVE-2004-0976", "CVE-2005-0448", "CVE-2005-3962");
      script_xref(name:"RHSA", value:"2005:881");
    
      script_name(english:"CentOS 3 : perl (CESA-2005:881)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote CentOS host is missing one or more security updates."
      );
      # Advisory text, kept verbatim. Per this text, CVE-2005-3962 is only
      # reachable through a script that passes untrusted strings to the format
      # string processor, so such scripts are where to look when assessing exposure.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated Perl packages that fix security issues and bugs are now
    available for Red Hat Enterprise Linux 3.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Perl is a high-level programming language commonly used for system
    administration utilities and Web programming.
    
    An integer overflow bug was found in Perl's format string processor.
    It is possible for an attacker to cause perl to crash or execute
    arbitrary code if the attacker is able to process a malicious format
    string. This issue is only exploitable through a script wich passes
    arbitrary untrusted strings to the format string processor. The Common
    Vulnerabilities and Exposures project assigned the name CVE-2005-3962
    to this issue.
    
    Paul Szabo discovered a bug in the way Perl's File::Path::rmtree
    module removed directory trees. If a local user has write permissions
    to a subdirectory within the tree being removed by File::Path::rmtree,
    it is possible for them to create setuid binary files. (CVE-2005-0448)
    
    Solar Designer discovered several temporary file bugs in various Perl
    modules. A local attacker could overwrite or create files as the user
    running a Perl script that uses a vulnerable module. (CVE-2004-0976)
    
    Users of Perl are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues as well as fixes
    for several bugs."
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-December/012484.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d3499679"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-December/012485.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?b2e0e61e"
      );
      # https://lists.centos.org/pipermail/centos-announce/2005-December/012491.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?ad8f78f3"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected perl packages.");
      # Local attack vector with partial confidentiality, integrity and
      # availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-CGI");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-CPAN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-DB_File");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:3");
    
      # NOTE(review): 2005/02/09 is earlier than the 2005/12/01 date other
      # plugins on this page give for CVE-2005-3962; presumably it reflects one
      # of the other bundled CVEs - confirm.
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/02/09");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/07/03");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"CentOS Local Security Checks");
    
      # The host check needs credentialed local checks plus the CentOS release
      # and rpm-list KB entries.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    # Host check. As written, this part only reads knowledge-base (KB) items from
    # an authenticated scan and calls rpm.inc helpers to compare package builds;
    # it does not exercise Perl's format-string code on the target.
    # Without local (credentialed) checks the plugin stops here, so "no finding"
    # on an unauthenticated scan is not evidence that the host is patched.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/CentOS/release");
    # `>!<` is NASL's "substring not found" test: stop unless the release string
    # mentions CentOS.
    if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS");
    # Capture the major release number; " Linux" after "CentOS" is optional.
    os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS");
    os_ver = os_ver[1];
    # Only CentOS 3 is in scope; the ([^0-9]|$) guard keeps "30" and the like
    # from matching.
    if (! preg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 3.x", "CentOS " + os_ver);
    
    # No package inventory means nothing to compare against.
    if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Restrict the check to x86_64, ia64 and i386..i686 hosts.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu);
    
    
    # rpm_check() comes from rpm.inc; presumably it is true when the named
    # package is installed on CentOS 3 in a build older than the reference -
    # confirm there. The advisory text says the fixes are backported, so the
    # build suffix (-90.4) is what is compared, not the upstream Perl version.
    flag = 0;
    if (rpm_check(release:"CentOS-3", reference:"perl-5.8.0-90.4")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"perl-CGI-2.89-90.4")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"perl-CPAN-1.61-90.4")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"perl-DB_File-1.806-90.4")) flag++;
    if (rpm_check(release:"CentOS-3", reference:"perl-suidperl-5.8.0-90.4")) flag++;
    
    
    if (flag)
    {
      # One warning-level report for the host, with the package details attached.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : rpm_report_get()
      );
      exit(0);
    }
    else
    {
      # Distinguish "installed and up to date" from "none of the packages installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-CGI / perl-CPAN / perl-DB_File / perl-suidperl");
    }
    
  • NASL family: Fedora Local Security Checks
    NASL id: FEDORA_2005-1116.NASL
    description: Fixes security vulnerabilities: CVE-2005-3962: http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2 CVE-2005-3912: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912 CVE-2005-0452: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0452 CVE-2004-0976: http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976 Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20258
    published: 2005-12-07
    reporter: This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20258
    title: Fedora Core 3 : perl-5.8.5-18.FC3 (2005-1116)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2005-1116.
    #
    
    include("compat.inc");
    
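    if (description)
    {
      # Registration pass: the scanner sets `description` while it loads plugin
      # metadata, so this block only records attributes and then exits; the host
      # check later in the script is not reached during this pass.
      script_id(20258);
      script_version ("1.14");
      script_cvs_date("Date: 2019/08/02 13:32:23");
    
      # The advisory text below lists four CVEs; CVE-2005-3962 was missing from
      # this registration, which hides the plugin from CVE-keyed searches and
      # correlation for that identifier.
      script_cve_id("CVE-2004-0976", "CVE-2005-0452", "CVE-2005-3912", "CVE-2005-3962");
      script_xref(name:"FEDORA", value:"2005-1116");
    
      script_name(english:"Fedora Core 3 : perl-5.8.5-18.FC3 (2005-1116)");
      script_summary(english:"Checks rpm output for the updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora Core host is missing a security update."
      );
      # Advisory text, kept verbatim from the Fedora announcement.
      script_set_attribute(
        attribute:"description", 
        value:
    "Fixes security vulnerabilites: CVE-2005-3962:
    http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2
    CVE-2005-3912:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3912
    CVE-2005-0452:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-0452
    CVE-2004-0976:
    http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2004-0976
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      # http://marc.theaimsgroup.com/?l=full-disclosure&m=113342788118630&w=2
      script_set_attribute(
        attribute:"see_also",
        value:"http://marc.info/?l=full-disclosure&m=113342788118630&w=2"
      );
      # https://lists.fedoraproject.org/pipermail/announce/2005-December/001619.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?d31a6906"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Update the affected perl, perl-debuginfo and / or perl-suidperl
    packages."
      );
      # NOTE(review): the network vector and the exploit-availability flags
      # below apply to the plugin as a whole; this script does not say which of
      # the listed CVEs they describe, and other plugins on this page rate
      # CVE-2005-3962 as local (AV:L) - confirm before prioritising on them.
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"exploit_framework_core", value:"true");
      script_set_attribute(attribute:"exploit_framework_canvas", value:"true");
      script_set_attribute(attribute:"canvas_package", value:'CANVAS');
    
      # Local (credentialed) check covering the three Fedora Core 3 packages
      # that the host check compares.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora_core:3");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/01");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/07");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      # The host check needs the KB entries produced by the SSH information
      # gathering plugin: local checks enabled, the release string, the rpm list.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }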
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    # Host check. As written, this part only reads knowledge-base (KB) items from
    # an authenticated scan and calls rpm.inc helpers to compare package builds;
    # it does not exercise Perl's format-string code on the target.
    # Without local (credentialed) checks the plugin stops here, so "no finding"
    # on an unauthenticated scan is not evidence that the host is patched.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # `>!<` is NASL's "substring not found" test: stop unless the release string
    # mentions Fedora.
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    # Capture the major release number from the release string.
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    # Only Fedora Core 3 is in scope; the ([^0-9]|$) guard keeps "30" and the
    # like from matching.
    if (! ereg(pattern:"^3([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 3.x", "Fedora " + os_ver);
    
    # No package inventory means nothing to compare against.
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    # Restrict the check to x86_64 and i386..i686 hosts.
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    # rpm_check() comes from rpm.inc; presumably it is true when the named
    # package is installed on FC3 in a build older than the reference - confirm
    # there. 5.8.5-18.FC3 is the fixed build named in the plugin title.
    flag = 0;
    if (rpm_check(release:"FC3", reference:"perl-5.8.5-18.FC3")) flag++;
    if (rpm_check(release:"FC3", reference:"perl-debuginfo-5.8.5-18.FC3")) flag++;
    if (rpm_check(release:"FC3", reference:"perl-suidperl-5.8.5-18.FC3")) flag++;
    
    
    if (flag)
    {
      # Reported through security_hole(); the package details are attached when
      # verbose reporting is enabled.
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      # Distinguish "installed and up to date" from "none of the packages installed".
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-debuginfo / perl-suidperl");
    }
    
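  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-943.NASL
    description: Jack Louis discovered an integer overflow in Perl, Larry Wall's Practical Extraction and Report Language, that allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via specially crafted content that is passed to vulnerable format strings of third-party software.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 22809
    published: 2006-10-14
    reporter: This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/22809
    title: Debian DSA-943-1 : perl - integer overflow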
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-943. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      # Registration pass: the scanner sets `description` while it loads plugin
      # metadata, so this block only records attributes and then exits.
      script_id(22809);
      script_version("1.17");
      script_cvs_date("Date: 2019/08/02 13:32:20");
    
      script_cve_id("CVE-2005-3962");
      script_xref(name:"DSA", value:"943");
    
      script_name(english:"Debian DSA-943-1 : perl - integer overflow");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      # Advisory text, kept verbatim. It places the trigger in third-party
      # software whose format strings receive crafted content, so the Perl
      # programs running on the host determine the practical exposure.
      script_set_attribute(
        attribute:"description", 
        value:
    "Jack Louis discovered an integer overflow in Perl, Larry Wall's
    Practical Extraction and Report Language, that allows attackers to
    overwrite arbitrary memory and possibly execute arbitrary code via
    specially crafted content that is passed to vulnerable format strings
    of third-party software.
    
    The old stable distribution (woody) does not seem to be affected by
    this problem."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=341542"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.debian.org/security/2006/dsa-943"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the perl packages.
    
    For the stable distribution (sarge) this problem has been fixed in
    version 5.8.4-8sarge3."
      );
      # Local attack vector with partial confidentiality, integrity and
      # availability impact.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:3.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2006/01/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/10/14");
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/01");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
      script_family(english:"Debian Local Security Checks");
    
      # The host check needs credentialed local checks plus the Debian release
      # and dpkg listing KB entries.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    # Host check. As written, this part only reads knowledge-base (KB) items from
    # an authenticated scan and compares package versions through
    # debian_package.inc; it does not exercise Perl's format-string code.
    # Each precondition below ends the plugin through audit(), so a missing
    # result on an unauthenticated scan is not evidence that the host is patched.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    # Each listed package is compared with 5.8.4-8sarge3, the fixed sarge
    # version named in the solution text. deb_check() presumably is true when
    # the package is installed on release 3.1 in an older version - confirm in
    # debian_package.inc.
    flag = 0;
    if (deb_check(release:"3.1", prefix:"libcgi-fast-perl", reference:"5.8.4-8sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"libperl-dev", reference:"5.8.4-8sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"libperl5.8", reference:"5.8.4-8sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"perl", reference:"5.8.4-8sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"perl-base", reference:"5.8.4-8sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"perl-debug", reference:"5.8.4-8sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"perl-doc", reference:"5.8.4-8sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"perl-modules", reference:"5.8.4-8sarge3")) flag++;
    if (deb_check(release:"3.1", prefix:"perl-suid", reference:"5.8.4-8sarge3")) flag++;
    
    if (flag)
    {
      # Attach the package details when verbose reporting is enabled.
      if (report_verbosity > 0) security_warning(port:0, extra:deb_report_get());
      else security_warning(0);
      exit(0);
    }
    # Unlike the rpm- and qpkg-based plugins on this page, this path does not
    # separate "packages not installed" from "packages up to date": every
    # unflagged host is audited as not affected.
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS10_X86_122082.NASL
    description: SunOS 5.10_x86: perl format string patch. Date this patch was last updated by Sun : Feb/23/06
    last seen: 2018-09-01
    modified: 2018-08-13
    plugin id: 21008
    published: 2006-03-06
    reporter: Tenable
    source: https://www.tenable.com/plugins/index.php?view=single&id=21008
    title: Solaris 10 (x86) : 122082-01
    code
    #%NASL_MIN_LEVEL 80502
    
    # @DEPRECATED@
    #
    # This script has been deprecated as the associated patch is not
    # currently a recommended security fix.
    #
    # Disabled on 2011/10/24.
    #
    
    #
    # (C) Tenable Network Security, Inc.
    #
    #
    
    # Engine gate: stop immediately when the scanner does not provide the
    # bn_random built-in (presumably a proxy for a minimum engine version -
    # confirm).
    if ( ! defined_func("bn_random") ) exit(0);
    include("compat.inc");
    
    # Registration pass: record the plugin metadata, then exit.
    if(description)
    {
     script_id(21008);
     script_version("1.27");
    
     script_name(english: "Solaris 10 (x86) : 122082-01");
     script_cve_id("CVE-2005-3962");
     script_set_attribute(attribute: "synopsis", value:
    "The remote host is missing Sun Security Patch number 122082-01");
     script_set_attribute(attribute: "description", value:
    'SunOS 5.10_x86: perl format string patch.
    Date this patch was last updated by Sun : Feb/23/06');
     script_set_attribute(attribute: "solution", value:
    "You should install this patch for your system to be up-to-date.");
     script_set_attribute(attribute: "see_also", value:
    "http://download.oracle.com/sunalerts/1000809.1.html");
     # Local attack vector with partial confidentiality, integrity and
     # availability impact.
     script_set_attribute(attribute: "cvss_vector", value: "CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
     script_set_attribute(attribute:"plugin_publication_date", value: "2006/03/06");
     script_cvs_date("Date: 2019/10/25 13:36:23");
     script_set_attribute(attribute:"vuln_publication_date", value: "2005/12/01");
     script_end_attributes();
    
     script_summary(english: "Check for patch 122082-01");
     script_category(ACT_GATHER_INFO);
     script_copyright(english:"This script is Copyright (C) 2006-2019 Tenable Network Security, Inc.");
     family["english"] = "Solaris Local Security Checks";
     script_family(english:family["english"]);
     
     script_dependencies("ssh_get_info.nasl");
     script_require_keys("Host/Solaris/showrev");
     exit(0);
    }
    
    # Deprecated: this exit is unconditional, so no host data is ever evaluated.
    # A scan with no output from plugin 21008 therefore says nothing about
    # whether patch 122082-01 is installed on the host.
    exit(0, "The associated patch is not currently a recommended security fix.");
    
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2005-880.NASL
    description: Updated Perl packages that fix security issues and bugs are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. Perl is a high-level programming language commonly used for system administration utilities and Web programming. An integer overflow bug was found in Perl's format string processor.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20366
    published: 2005-12-30
    reporter: This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/20366
    title: RHEL 4 : perl (RHSA-2005:880)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Red Hat Security Advisory RHSA-2005:880. The text 
    # itself is copyright (C) Red Hat, Inc.
    #
    
    include("compat.inc");
    
    # Registration block for plugin 20366 (RHSA-2005:880, CVE-2005-3962).
    # Entered when the `description` flag is set; it only declares metadata
    # and ends with exit(0), so none of the host checks further down run here.
    if (description)
    {
      script_id(20366);
      script_version ("1.23");
      script_cvs_date("Date: 2019/10/25 13:36:11");
    
      # Cross-references used to correlate this finding with other sources.
      script_cve_id("CVE-2005-3962");
      script_bugtraq_id(15629);
      script_xref(name:"RHSA", value:"2005:880");
    
      script_name(english:"RHEL 4 : perl (RHSA-2005:880)");
      script_summary(english:"Checks the rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Red Hat host is missing one or more security updates."
      );
      # Advisory text. Note the stated precondition: the flaw is reachable only
      # through a script that hands untrusted strings to the format string
      # processor, which is what triage of a hit should look for.
      script_set_attribute(
        attribute:"description", 
        value:
    "Updated Perl packages that fix security issues and bugs are now
    available for Red Hat Enterprise Linux 4.
    
    This update has been rated as having moderate security impact by the
    Red Hat Security Response Team.
    
    Perl is a high-level programming language commonly used for system
    administration utilities and Web programming.
    
    An integer overflow bug was found in Perl's format string processor.
    It is possible for an attacker to cause perl to crash or execute
    arbitrary code if the attacker is able to process a malicious format
    string. This issue is only exploitable through a script which passes
    arbitrary untrusted strings to the format string processor. The Common
    Vulnerabilities and Exposures project assigned the name CVE-2005-3962
    to this issue.
    
    Users of Perl are advised to upgrade to these updated packages, which
    contain backported patches to correct these issues as well as fixes
    for several bugs."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/security/cve/cve-2005-3962"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://access.redhat.com/errata/RHSA-2005:880"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected perl and / or perl-suidperl packages."
      );
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
      # CVSS v2 temporal vector: exploitability unproven, official fix
      # available, report confirmed.
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      # Static metadata recorded with the plugin, not a live assessment.
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      # "local": the verdict comes from data gathered on the host itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:4");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2005/12/01");
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2005/12/30");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2005-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Red Hat Local Security Checks");
    
      # Declared prerequisites: the ssh_get_info.nasl dependency and four
      # knowledge-base keys (local checks flag, release string, rpm list, CPU).
      # NOTE(review): presumably the plugin is not scheduled when a required
      # key is absent - confirm against the engine documentation.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("misc_func.inc");
    include("rpm.inc");
    
    # Host check for RHSA-2005:880. The verdict is derived from data already
    # stored in the knowledge base (release string, rpm list, CPU, optional yum
    # update info); nothing here exercises the flaw itself, so a result is only
    # as good as the collected package data.
    # NOTE(review): audit() appears to end the run with a status message, since
    # the statements after each call use the value it has just rejected -
    # confirm in audit.inc. Those exits are "not checked" outcomes, not proof
    # that the host is patched.
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    # ">!<" is NASL's "is not a substring of" operator.
    if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat");
    # Capture the major version, with an optional ".minor", from the release string.
    os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat");
    os_ver = os_ver[1];
    # Accept "4" or "4.<minor>" only; a leading 4 followed by another digit is rejected.
    if (! preg(pattern:"^4([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 4.x", "Red Hat " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64, i386-i686 and CPU strings containing "s390" are evaluated.
    # Any other architecture is audited as "not implemented", not as unaffected.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu);
    
    # Two decision paths. When yum update information is present in the
    # knowledge base, the result rests on the report generated for this
    # advisory id; otherwise it falls back to comparing installed rpm versions.
    yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo");
    if (!empty_or_null(yum_updateinfo)) 
    {
      rhsa = "RHSA-2005:880";
      yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa);
      if (!empty_or_null(yum_report))
      {
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : yum_report 
        );
        exit(0);
      }
      else
      {
        # An empty report is treated as "advisory does not apply to this host".
        audit_message = "affected by Red Hat security advisory " + rhsa;
        audit(AUDIT_OS_NOT, audit_message);
      }
    }
    else
    {
      # Fixed builds named by the advisory.
      # NOTE(review): rpm_check() presumably returns true when the installed
      # package is older than `reference` - confirm in rpm.inc.
      flag = 0;
      if (rpm_check(release:"RHEL4", reference:"perl-5.8.5-24.RHEL4")) flag++;
      if (rpm_check(release:"RHEL4", reference:"perl-suidperl-5.8.5-24.RHEL4")) flag++;
    
      if (flag)
      {
        # The package caveat text is appended to the per-package report.
        security_report_v4(
          port       : 0,
          severity   : SECURITY_WARNING,
          extra      : rpm_report_get() + redhat_report_package_caveat()
        );
        exit(0);
      }
      else
      {
        # Distinguish "packages tested and not flagged" from "no perl packages
        # were tested at all".
        tested = pkg_tests_get();
        if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
        else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-suidperl");
      }
    }
    
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-222-1.NASL
    description: Jack Louis of Dyad Security discovered that Perl did not sufficiently check the explicit length argument in format strings. Specially crafted format strings with overly large length arguments led to a crash of the Perl interpreter or even to execution of arbitrary attacker-defined code with the privileges of the user running the Perl program. However, this attack was only possible in insecure Perl programs which use variables with user-defined values in string interpolations without checking their validity. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 20764
    published: 2006-01-21
    reporter: Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/20764
    title: Ubuntu 4.10 / 5.04 / 5.10 : perl vulnerability (USN-222-1)
    code
    #%NASL_MIN_LEVEL 80502
    
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-222-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    # Registration block for plugin 20764 (USN-222-1, CVE-2005-3962).
    # Entered when the `description` flag is set; it only declares metadata
    # and ends with exit(0), so none of the host checks further down run here.
    if (description)
    {
      script_id(20764);
      script_version("1.13");
      script_cvs_date("Date: 2019/08/02 13:33:00");
    
      # Cross-references used to correlate this finding with other sources.
      script_cve_id("CVE-2005-3962");
      script_xref(name:"USN", value:"222-1");
    
      script_name(english:"Ubuntu 4.10 / 5.04 / 5.10 : perl vulnerability (USN-222-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      # Advisory text. Note the stated precondition: only Perl programs that
      # put unvalidated user-defined values into format strings are exposed,
      # which is what triage of a hit should look for.
      script_set_attribute(
        attribute:"description", 
        value:
    "Jack Louis of Dyad Security discovered that Perl did not sufficiently
    check the explicit length argument in format strings. Specially
    crafted format strings with overly large length arguments led to a
    crash of the Perl interpreter or even to execution of arbitrary
    attacker-defined code with the privileges of the user running the Perl
    program.
    
    However, this attack was only possible in insecure Perl programs which
    use variables with user-defined values in string interpolations
    without checking their validity.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(attribute:"solution", value:"Update the affected packages.");
      # CVSS v2 base vector: local access, low complexity, no authentication,
      # partial impact on confidentiality, integrity and availability.
      script_set_cvss_base_vector("CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:P");
    
      # "local": the verdict comes from data gathered on the host itself.
      script_set_attribute(attribute:"plugin_type", value:"local");
      # One CPE per package covered by the advisory, then the three releases.
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libcgi-fast-perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libperl-dev");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libperl5.8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-debug");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-doc");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-modules");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl-suid");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:4.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:5.10");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2005/12/02");
      script_set_attribute(attribute:"plugin_publication_date", value:"2006/01/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2005-2019 Canonical, Inc. / NASL script (C) 2006-2016 Tenable Network Security, Inc.");
      script_family(english:"Ubuntu Local Security Checks");
    
      # Declared prerequisites: the ssh_get_info.nasl dependency and four
      # knowledge-base keys (CPU, Ubuntu marker, release, dpkg listing).
      # NOTE(review): presumably the plugin is not scheduled when a required
      # key is absent - confirm against the engine documentation.
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    # Host check for USN-222-1. The verdict is derived from data already stored
    # in the knowledge base (release, dpkg listing, CPU); nothing here exercises
    # the flaw itself, so a result is only as good as the collected package data.
    # NOTE(review): audit() appears to end the run with a status message, since
    # the statements after each call use the value it has just rejected -
    # confirm in audit.inc. Those exits are "not checked" outcomes, not proof
    # that the host is patched.
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    # Anchored match: exactly 4.10, 5.04 or 5.10. Any other release is audited
    # as out of scope for this advisory rather than evaluated.
    if (! ereg(pattern:"^(4\.10|5\.04|5\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 4.10 / 5.04 / 5.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    # Only x86_64 and i386-i686 are evaluated (">!<" is NASL's "is not a
    # substring of" operator). Other architectures are audited as
    # "not implemented", not as unaffected.
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    # One test per (release, package) pair against the fixed version for that
    # release: 5.8.4-2ubuntu0.5 (4.10), 5.8.4-6ubuntu1.1 (5.04) and
    # 5.8.7-5ubuntu1.1 (5.10).
    # NOTE(review): ubuntu_check() presumably returns true when the installed
    # package is older than `pkgver` - confirm in ubuntu.inc.
    if (ubuntu_check(osver:"4.10", pkgname:"libcgi-fast-perl", pkgver:"5.8.4-2ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"libperl-dev", pkgver:"5.8.4-2ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"libperl5.8", pkgver:"5.8.4-2ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"perl", pkgver:"5.8.4-2ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"perl-base", pkgver:"5.8.4-2ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"perl-debug", pkgver:"5.8.4-2ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"perl-doc", pkgver:"5.8.4-2ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"perl-modules", pkgver:"5.8.4-2ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"4.10", pkgname:"perl-suid", pkgver:"5.8.4-2ubuntu0.5")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"libcgi-fast-perl", pkgver:"5.8.4-6ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"libperl-dev", pkgver:"5.8.4-6ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"libperl5.8", pkgver:"5.8.4-6ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"perl", pkgver:"5.8.4-6ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"perl-base", pkgver:"5.8.4-6ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"perl-debug", pkgver:"5.8.4-6ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"perl-doc", pkgver:"5.8.4-6ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"perl-modules", pkgver:"5.8.4-6ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.04", pkgname:"perl-suid", pkgver:"5.8.4-6ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libcgi-fast-perl", pkgver:"5.8.7-5ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libperl-dev", pkgver:"5.8.7-5ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"libperl5.8", pkgver:"5.8.7-5ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"perl", pkgver:"5.8.7-5ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"perl-base", pkgver:"5.8.7-5ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"perl-debug", pkgver:"5.8.7-5ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"perl-doc", pkgver:"5.8.7-5ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"perl-modules", pkgver:"5.8.7-5ubuntu1.1")) flag++;
    if (ubuntu_check(osver:"5.10", pkgname:"perl-suid", pkgver:"5.8.7-5ubuntu1.1")) flag++;
    
    if (flag)
    {
      # At least one package was flagged: report once, at warning severity.
      security_report_v4(
        port       : 0,
        severity   : SECURITY_WARNING,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      # Distinguish "packages tested and not flagged" from "none of the listed
      # packages were tested at all".
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libcgi-fast-perl / libperl-dev / libperl5.8 / perl / perl-base / etc");
    }
    

Oval

  • accepted: 2013-04-29T04:06:59.152-04:00
    class: vulnerability
    contributors:
    • name: Aharon Chernin
      organization: SCAP.com, LLC
    • name: Dragos Prisaca
      organization: G2, Inc.
    definition_extensions:
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 3
      oval: oval:org.mitre.oval:def:11782
    • comment: CentOS Linux 3.x
      oval: oval:org.mitre.oval:def:16651
    • comment: The operating system installed on the system is Red Hat Enterprise Linux 4
      oval: oval:org.mitre.oval:def:11831
    • comment: CentOS Linux 4.x
      oval: oval:org.mitre.oval:def:16636
    • comment: Oracle Linux 4.x
      oval: oval:org.mitre.oval:def:15990
    description: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
    family: unix
    id: oval:org.mitre.oval:def:10598
    status: accepted
    submitted: 2010-07-09T03:56:16-04:00
    title: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
    version: 26
  • accepted: 2006-05-03T10:06:00.000-04:00
    class: vulnerability
    contributors:
    name: Robert L. Hollis
    organization: ThreatGuard, Inc.
    description: Integer overflow in the format string functionality (Perl_sv_vcatpvfn) in Perl 5.9.2 and 5.8.6 Perl allows attackers to overwrite arbitrary memory and possibly execute arbitrary code via format string specifiers with large values, which causes an integer wrap and leads to a buffer overflow, as demonstrated using format string vulnerabilities in Perl applications.
    family: unix
    id: oval:org.mitre.oval:def:1074
    status: accepted
    submitted: 2006-03-02T02:05:00.000-04:00
    title: Perl Format String Integer Overflow Vulnerability
    version: 36

Redhat

advisories
  • rhsa
    id: RHSA-2005:880
  • rhsa
    id: RHSA-2005:881
rpms
  • perl-3:5.8.5-24.RHEL4
  • perl-debuginfo-3:5.8.5-24.RHEL4
  • perl-suidperl-3:5.8.5-24.RHEL4
  • perl-2:5.8.0-90.4
  • perl-CGI-2:2.89-90.4
  • perl-CPAN-2:1.61-90.4
  • perl-DB_File-2:1.806-90.4
  • perl-suidperl-2:5.8.0-90.4

Seebug

  • bulletinFamilyexploit
    descriptionApple Mac OS X是一款基于BSD的操作系统。 Apple Mac OS X存在多个安全问题,远程和本地攻击者可以利用漏洞进行恶意代码执行,拒绝服务攻击,特权提升,覆盖文件,获得敏感信息等攻击。 具体问题如下: AirPort-CVE-ID: CVE-2006-5710: AirPort无线驱动不正确处理应答帧,可导致基于堆的溢出。 ATS-CVE-ID: CVE-2006-4396: Apple Type服务不安全建立错误日至可导致任意文件覆盖。 ATS-CVE-ID: CVE-2006-4398: Apple Type服务存在多个缓冲区溢出,可导致以高权限执行任意代码。 ATS-CVE-ID: CVE-2006-4400: 利用特殊的字体文件,可导致任意代码执行。 CFNetwork-CVE-ID: CVE-2006-4401: 通过诱使用户访问恶意ftp URI,可导致任意ftp命令执行。 ClamAV-CVE-ID: CVE-2006-4182: 恶意email消息可导致ClamAV执行任意代码。 Finder-CVE-ID: CVE-2006-4402: 通过浏览共享目录可导致应用程序崩溃或执行任意代码。 ftpd-CVE-ID: CVE-2006-4403: 当ftp访问启用时,未授权用户可判别合法的账户名。 gnuzip-CVE-ID: CVE-2006-4334, CVE-2006-4335, CVE-2006-4336, CVE-2006-4337, CVE-2006-4338: gunzip处理压缩文件存在多个问题,可导致应用程序崩溃或执行任意指令。 Installer-CVE-ID: CVE-2006-4404: 当以管理用户安装软件时,系统权限可能被未授权利用。 OpenSSL-CVE-ID: CVE-2006-2937, CVE-2006-2940, CVE-2006-3738, CVE-2006-4339, CVE-2006-4343: OpenSSL存在多个安全问题可导致任意代码执行或者获得敏感信息。 perl-CVE-ID: CVE-2005-3962: 不安全处理字符串,可导致Perl应用程序执行任意代码。 PHP-CVE-ID: CVE-2006-1490, CVE-2006-1990: Php应用程序存在多个问题,可导致拒绝服务或执行任意代码。 PHP-CVE-ID: CVE-2006-5465: PHP的htmlentities()和htmlspecialchars()函数存在缓冲区溢出,可导致任意代码执行。 PPP-CVE-ID: CVE-2006-4406: 在不可信的本地网络上使用PPPoE可导致任意代码执行。 Samba-CVE-ID: CVE-2006-3403: 当Windows共享使用时,远程攻击者可进行拒绝服务攻击。 Security Framework-CVE-ID: CVE-2006-4407: 不安全的传送方法可导致不协商最安全的加密信息。 Security Framework-CVE-ID: CVE-2006-4408: 处理X.509证书时可导致拒绝服务攻击。 Security Framework-CVE-ID: CVE-2006-4409: 当使用http代理时,证书废弃列表不能获得。 Security Framework-CVE-ID: CVE-2006-4410: 部分调用证书错误的被授权。 VPN-CVE-ID: CVE-2006-4411: 恶意本地用户可获得系统特权。 WebKit-CVE-ID: CVE-2006-4412: 通过诱使用户浏览恶意web页执行任意代码。 Apple Mac OS X Server 10.4.8 Apple Mac OS X Server 10.4.7 Apple Mac OS X Server 10.4.6 Apple Mac OS X Server 10.4.5 Apple Mac OS X Server 10.4.4 Apple Mac OS X Server 10.4.3 Apple Mac OS X Server 10.4.2 Apple Mac OS X Server 10.4.1 Apple Mac OS X Server 10.4 Apple Mac OS X Server 10.3.9 Apple Mac OS X Server 10.3.8 Apple Mac OS X Server 10.3.7 Apple Mac OS X Server 10.3.6 Apple Mac OS X Server 10.3.5 Apple Mac OS X Server 
10.3.4 Apple Mac OS X Server 10.3.3 Apple Mac OS X Server 10.3.2 Apple Mac OS X Server 10.3.1 Apple Mac OS X Server 10.3 Apple Mac OS X Server 10.2.8 Apple Mac OS X Server 10.2.7 Apple Mac OS X Server 10.2.6 Apple Mac OS X Server 10.2.5 Apple Mac OS X Server 10.2.4 Apple Mac OS X Server 10.2.3 Apple Mac OS X Server 10.2.2 Apple Mac OS X Server 10.2.1 Apple Mac OS X Server 10.2 Apple Mac OS X Server 10.1.5 Apple Mac OS X Server 10.1.4 Apple Mac OS X Server 10.1.3 Apple Mac OS X Server 10.1.2 Apple Mac OS X Server 10.1.1 Apple Mac OS X Server 10.1 Apple Mac OS X Server 10.0 Apple Mac OS X 10.4.8 Apple Mac OS X 10.4.7 Apple Mac OS X 10.4.6 Apple Mac OS X 10.4.5 Apple Mac OS X 10.4.4 Apple Mac OS X 10.4.3 Apple Mac OS X 10.4.2 Apple Mac OS X 10.4.1 Apple Mac OS X 10.4 Apple Mac OS X 10.3.9 Apple Mac OS X 10.3.8 Apple Mac OS X 10.3.7 Apple Mac OS X 10.3.6 Apple Mac OS X 10.3.5 Apple Mac OS X 10.3.4 Apple Mac OS X 10.3.3 Apple Mac OS X 10.3.2 Apple Mac OS X 10.3.1 Apple Mac OS X 10.3 Apple Mac OS X 10.2.8 Apple Mac OS X 10.2.7 Apple Mac OS X 10.2.6 Apple Mac OS X 10.2.5 Apple Mac OS X 10.2.4 Apple Mac OS X 10.2.3 Apple Mac OS X 10.2.2 Apple Mac OS X 10.2.1 Apple Mac OS X 10.2 Apple Mac OS X 10.1.5 Apple Mac OS X 10.1.4 Apple Mac OS X 10.1.3 Apple Mac OS X 10.1.2 Apple Mac OS X 10.1.1 Apple Mac OS X 10.1 Apple Mac OS X 10.1 Apple Mac OS X 10.0.4 Apple Mac OS X 10.0.3 Apple Mac OS X 10.0.2 Apple Mac OS X 10.0.1 Apple Mac OS X 10.0 3 Apple Mac OS X 10.0 <a href="http://docs.info.apple.com/article.html?artnum=304829" target="_blank">http://docs.info.apple.com/article.html?artnum=304829</a>
    idSSV:623
    last seen2017-11-19
    modified2006-11-29
    published2006-11-29
    reporterRoot
    titleApple Mac OS X 2006-007存在多个安全漏洞
  • bulletinFamilyexploit
    descriptionBUGTRAQ ID: 15629 CVE(CAN) ID: CVE-2005-3962,CVE-2005-3912 Perl是一种免费且功能强大的编程语言。 由于Perl没有正确的处理格式化打印函数中的格式指示符导致了格式串溢出漏洞,远程攻击者可能利用此漏洞在主机上执行任意指令。 参数格式串(%I$n)中的INT_MAX值可能导致Perl_sv_vcatpvfn函数中的efix出现整数溢出。攻击者可以利用这个漏洞远程执行任意指令或导致拒绝服务。 Larry Wall Perl <= 5.9.2 Webmin Webmin <= 1.240 Webmin Usermin <= 1.170 Debian ------ Debian已经为此发布了一个安全公告(DSA-943-1)以及相应补丁: DSA-943-1:New Perl packages fix arbitrary code execution 链接:<a href="http://www.debian.org/security/2005/dsa-943" target="_blank">http://www.debian.org/security/2005/dsa-943</a> 补丁下载: Source archives: <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3.dsc" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3.dsc</a> Size/MD5 checksum: 738 88756767017d421351e02a5226457d2b <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3.diff.gz" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3.diff.gz</a> Size/MD5 checksum: 87851 05a72533cd5bde5fce6987cf39041236 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4.orig.tar.gz" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4.orig.tar.gz</a> Size/MD5 checksum: 12094233 912050a9cb6b0f415b76ba56052fb4cf Architecture independent components: <a href="http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.4-8sarge3_all.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libcgi-fast-perl_5.8.4-8sarge3_all.deb</a> Size/MD5 checksum: 38332 7d47e456c2bd7c83312bb1ad17738284 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.4-8sarge3_all.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-doc_5.8.4-8sarge3_all.deb</a> Size/MD5 checksum: 7053372 47e14a8f071c506916e40713e8cc81f7 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.4-8sarge3_all.deb" 
target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-modules_5.8.4-8sarge3_all.deb</a> Size/MD5 checksum: 2178216 4823e4985f8cf1b4af78ec26afbc0102 Alpha architecture: <a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_alpha.deb</a> Size/MD5 checksum: 805438 0e3cb34c8c093515c7b33fa60a493899 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_alpha.deb</a> Size/MD5 checksum: 1040 f82603c65e3f3def2356962111e411c2 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_alpha.deb</a> Size/MD5 checksum: 3901974 f744b7b871a8071cb403a74d665b7778 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_alpha.deb</a> Size/MD5 checksum: 874714 26e450d8f0375e5a3545c2988205cee4 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_alpha.deb</a> Size/MD5 checksum: 4133098 cf772af3fa70e0cf320b43964aeab61e <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_alpha.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_alpha.deb</a> Size/MD5 checksum: 37080 d3863820eaebcbbbe59775a1874da2eb AMD64 architecture: <a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_amd64.deb</a> Size/MD5 checksum: 
605284 c6e097980b5dec33bb340e8f4c76de19 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_amd64.deb</a> Size/MD5 checksum: 1030 08b7c6bb0bb58a02a254826cfee27e33 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_amd64.deb</a> Size/MD5 checksum: 3834144 e7f33d48427be694e994c18f7321d9e0 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_amd64.deb</a> Size/MD5 checksum: 791678 bdbedf5f0e3efb20181a0665d791c6de <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_amd64.deb</a> Size/MD5 checksum: 3934814 ed946cdd2984a538b60acbd034264947 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_amd64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_amd64.deb</a> Size/MD5 checksum: 32852 ae96f1f115505ab983ed389dee240a83 ARM architecture: <a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_arm.deb</a> Size/MD5 checksum: 613158 30cd5528198d49208274e50e60611b0a <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_arm.deb</a> Size/MD5 checksum: 1026 fc64aa8b67f46fcccb6d85db7cb242ad <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_arm.deb" 
target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_arm.deb</a> Size/MD5 checksum: 3132808 226a69d4fa30d1e0a40f4d761826c230 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_arm.deb</a> Size/MD5 checksum: 737524 b4aaf84bd60fef147d1131c5ffbc6a0a <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_arm.deb</a> Size/MD5 checksum: 3719460 8e8d12058f9f7fb9e153d4c3ff79d0f4 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_arm.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_arm.deb</a> Size/MD5 checksum: 29880 faa9dc0401eb667e202e12f2d2cf9643 Intel IA-32 architecture: <a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_i386.deb</a> Size/MD5 checksum: 567048 8488e40844019795a1179a2b9a74f172 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_i386.deb</a> Size/MD5 checksum: 508818 66f7900d63a2efb0a787e83186613a98 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_i386.deb</a> Size/MD5 checksum: 3237948 5841d065408022fb2fe0e75febc02d9d <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_i386.deb</a> Size/MD5 checksum: 751956 b77e882ed9558a09398c2fba334e5b4a <a 
href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_i386.deb</a> Size/MD5 checksum: 3735798 bb034b2e756aa35cd5fa9e01a0485b13 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_i386.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_i386.deb</a> Size/MD5 checksum: 31696 d2c9b1fbc10e89e7868e16fb4c97700d Intel IA-64 architecture: <a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_ia64.deb</a> Size/MD5 checksum: 866818 3419fdaff605b7ddd485a205c1dd1661 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_ia64.deb</a> Size/MD5 checksum: 1030 c41835cc5573c0e53610e79766b88d11 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_ia64.deb</a> Size/MD5 checksum: 4027834 28436948c3dd298ad38b3c46f69f2cb4 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_ia64.deb</a> Size/MD5 checksum: 1046750 1a70c30abb13449d00a2b34c17c79f17 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_ia64.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_ia64.deb</a> Size/MD5 checksum: 4534216 49cdfeada4c40365e2392a768739d706 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_ia64.deb" 
target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_ia64.deb</a> Size/MD5 checksum: 50104 770378e5ac290729b2943d956cad9c57 HP Precision architecture: <a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_hppa.deb</a> Size/MD5 checksum: 654878 5f8ad153b0a27e9190e5b754e8174ee7 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_hppa.deb</a> Size/MD5 checksum: 1032 4de6d72cf1f61d6754475a0dd1fe4561 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_hppa.deb</a> Size/MD5 checksum: 3918544 0f83d76853299d10f98842b15b8e7db1 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_hppa.deb</a> Size/MD5 checksum: 867566 cb3a0eb20c71bd8017853de9ea838f7f <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_hppa.deb</a> Size/MD5 checksum: 3911882 fd55c787eb9f30f2e143fac490ea4198 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_hppa.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_hppa.deb</a> Size/MD5 checksum: 34484 e3df6ab97d5e68cbb6346240e4532efc Motorola 680x0 architecture: <a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_m68k.deb</a> Size/MD5 checksum: 457778 
f25f1ebbbb4a5ce7b7a4a79c6256987e <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_m68k.deb</a> Size/MD5 checksum: 1040 9882ea5db94e569a35209a66c74bb390 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_m68k.deb</a> Size/MD5 checksum: 3815032 321dd2b80abad424b678f260d18f323a <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_m68k.deb</a> Size/MD5 checksum: 692196 733bfa10857d842bd907f408b03a8b3d <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_m68k.deb</a> Size/MD5 checksum: 3008672 81a0d0613ebe7b9affcd56174e1f955c <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_m68k.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_m68k.deb</a> Size/MD5 checksum: 27934 68de12bace4cf3de7a339b25119b1611 Big endian MIPS architecture: <a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mips.deb</a> Size/MD5 checksum: 657066 7e2c9980c630b3aa1e60348a4998665a <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mips.deb</a> Size/MD5 checksum: 1032 3da5c1e82b6194beac8fe7020a38d7a3 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mips.deb" 
target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mips.deb</a> Size/MD5 checksum: 3384320 edfa53822abb7626b2bfd6ac4d5923df <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mips.deb</a> Size/MD5 checksum: 781078 f4a7b2e1bbd95c9381503b382d35ba58 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mips.deb</a> Size/MD5 checksum: 4017490 ddca3a084b7c9f1b841bd3f93e39a1d0 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mips.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mips.deb</a> Size/MD5 checksum: 32314 51f707f1c1d3df1c3ad05dc545512c10 Little endian MIPS architecture: <a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_mipsel.deb</a> Size/MD5 checksum: 653526 e7a527c0ed8475df75b3803690081445 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_mipsel.deb</a> Size/MD5 checksum: 1038 e7b83c957a6c6822ee5614574653d80e <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_mipsel.deb</a> Size/MD5 checksum: 3125384 4446da60977e961ca64ec93a331b0803 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_mipsel.deb</a> Size/MD5 checksum: 781672 
14e3d605298699dc99e2e5e20310c6b2 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_mipsel.deb</a> Size/MD5 checksum: 3967890 3ab0c5407e2b5816ad55e47d7c256869 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mipsel.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_mipsel.deb</a> Size/MD5 checksum: 32434 4f171621c453755b731ce34bad930a62 PowerPC architecture: <a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_powerpc.deb</a> Size/MD5 checksum: 625118 41b2364e5073cd1e177fd6c3e5f455c5 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_powerpc.deb</a> Size/MD5 checksum: 1038 2d18de4839ef016646127f4a104f17a1 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_powerpc.deb</a> Size/MD5 checksum: 3509324 77fe7a0288d42bbe7abc9357682cdc1b <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_powerpc.deb</a> Size/MD5 checksum: 790116 9e189589ef99e78d0f0ddef4fb06440e <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_powerpc.deb</a> Size/MD5 checksum: 3701264 886260a4033209be2431ff908cc032e5 <a 
href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_powerpc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_powerpc.deb</a> Size/MD5 checksum: 33582 ec48dc685b7ac64fb722458e0954edc8 IBM S/390 architecture: <a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_s390.deb</a> Size/MD5 checksum: 604116 a2e6f8ee63267dfcf3df2e05f92ce958 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_s390.deb</a> Size/MD5 checksum: 1032 4d6c1ce7b2f9789fc31cc2440f39a832 <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_s390.deb</a> Size/MD5 checksum: 3819738 c9523a97cd0716e67821dd6e7508615f <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_s390.deb</a> Size/MD5 checksum: 800132 ebfc849dbaf0be2afa771a3d5b632467 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_s390.deb</a> Size/MD5 checksum: 4234804 30fcc4ea55599b8365a0f96153755466 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_s390.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_s390.deb</a> Size/MD5 checksum: 33244 a55373a563d2546d1286f7fb4de11710 Sun Sparc architecture: <a href="http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_sparc.deb" 
target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl-dev_5.8.4-8sarge3_sparc.deb</a> Size/MD5 checksum: 582422 8ec81b47b82fdb3602c42c6fa0559793 <a href="http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/libperl5.8_5.8.4-8sarge3_sparc.deb</a> Size/MD5 checksum: 1038 ebbf066210ca33b4282cf347cc771cca <a href="http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl_5.8.4-8sarge3_sparc.deb</a> Size/MD5 checksum: 3547312 a609080c2c788fd382f970c21b22d9e7 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-base_5.8.4-8sarge3_sparc.deb</a> Size/MD5 checksum: 775666 0e0a56ce4bb224e7bc96ea68ac741d8b <a href="http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-debug_5.8.4-8sarge3_sparc.deb</a> Size/MD5 checksum: 3840718 e9ded2d7974b51fbf7933b455b45b604 <a href="http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_sparc.deb" target="_blank">http://security.debian.org/pool/updates/main/p/perl/perl-suid_5.8.4-8sarge3_sparc.deb</a> Size/MD5 checksum: 31034 8cf1966a2428838c58f0fab423b8e16a 补丁安装方法: 1. 手工安装补丁包: 首先,使用下面的命令来下载补丁软件: # wget url (url是补丁下载链接地址) 然后,使用下面的命令来安装补丁: # dpkg -i file.deb (file是相应的补丁名) 2. 
使用apt-get自动安装补丁包: 首先,使用下面的命令更新内部数据库: # apt-get update 然后,使用下面的命令安装更新软件包: # apt-get upgrade HP -- HP已经为此发布了一个安全公告(HPSBTU02125)以及相应补丁: HPSBTU02125:SSRT061105 rev.1 - HP Tru64 UNIX Running Perl 5.8.2 and earlier, Local Unauthorized Code Execution 链接:<a href="http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00686865&hpweb_printable=true" target="_blank">http://www2.itrc.hp.com/service/cki/docDisplay.do?docId=c00686865&hpweb_printable=true</a> RedHat ------ RedHat已经为此发布了安全公告(RHSA-2005:880-01,RHSA-2005:881-01)以及相应补丁: RHSA-2005:880-01:Moderate: perl security update 链接:<a href="http://lwn.net/Alerts/165025/?format=printable" target="_blank">http://lwn.net/Alerts/165025/?format=printable</a> RHSA-2005:881-01:Moderate: perl security update 链接:<a href="http://lwn.net/Alerts/165026/?format=printable" target="_blank">http://lwn.net/Alerts/165026/?format=printable</a> SGI --- SGI已经为此发布了一个安全公告(20060101-01-U)以及相应补丁: 20060101-01-U:SGI Advanced Linux Environment 3 Security Update #53 链接:<a href="ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc" target="_blank">ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U.asc</a> Sun --- Sun已经为此发布了一个安全公告(Sun-Alert-102192)以及相应补丁: Sun-Alert-102192:Integer Overflow Vulnerability in Perl May Lead to Application Crash or Code Execution 链接:<a href="http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102192-1" target="_blank">http://sunsolve.sun.com/search/printfriendly.do?assetkey=1-26-102192-1</a> Webmin ------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: * Webmin Upgrade webmin-1.250.tar.gz <a href="http://prdownloads.sourceforge.net/webadmin/webmin-1.250.tar.gz" target="_blank">http://prdownloads.sourceforge.net/webadmin/webmin-1.250.tar.gz</a> * Webmin Upgrade usermin-1.180.tar.gz <a href="http://prdownloads.sourceforge.net/webadmin/usermin-1.180.tar.gz" target="_blank">http://prdownloads.sourceforge.net/webadmin/usermin-1.180.tar.gz</a> Gentoo ------ Gentoo已经为此发布了一个安全公告(GLSA-200512-01)以及相应补丁: 
GLSA-200512-01:Perl: Format string errors can lead to code execution
链接:<a href="http://security.gentoo.org/glsa/glsa-200512-01.xml" target="_blank">http://security.gentoo.org/glsa/glsa-200512-01.xml</a>
所有Perl用户都应升级到最新版本:
# emerge --sync
# emerge --ask --oneshot --verbose dev-lang/perl
    id: SSV:630
    last seen: 2017-11-19
    modified: 2006-11-30
    published: 2006-11-30
    reporter: Root
    title: Perl格式串处理整数溢出漏洞

References