Vulnerabilities > CVE-2009-3626 - Remote Denial of Service vulnerability in Perl 5.10.1
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
NONE Availability impact
PARTIAL Summary
Perl 5.10.1 allows context-dependent attackers to cause a denial of service (application crash) via a UTF-8 character with a large, invalid codepoint, which is not properly handled during a regular-expression match.
Seebug
| bulletinFamily | exploit |
| description | Bugraq ID: 36812 CVE ID: CVE-2009-3626 Perl是一款流行的网络编程语言。 Perl在处理包含在规则表达式中使用UTF-8字符的字符串时存在错误,远程攻击者可以利用漏洞使解释器崩溃。 提交包含大量非法的UTF-8字符的邮件消息,给使用Perl的应用程序解析,可导致解析器崩溃。 Larry Wall Perl 5.10.1 + Turbolinux Home + Turbolinux Turbolinux Desktop 10.0 厂商解决方案 GIT库已经修正此漏洞,建议用户下载使用: http://perl5.git.perl.org/perl.git/commitdiff/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4 |
| id | SSV:12531 |
| last seen | 2017-11-19 |
| modified | 2009-10-28 |
| published | 2009-10-28 |
| reporter | Root |
| title | Perl UTF-8规则表达式处理远程拒绝服务漏洞 |
Statements
| contributor | Tomas Hoger |
| lastmodified | 2009-10-30 |
| organization | Red Hat |
| statement | Not vulnerable. This issue did not affect the versions of perl as shipped with Red Hat Enterprise Linux 3, 4, or 5. |
References
- http://perl5.git.perl.org/perl.git/commit/0abd0d78a73da1c4d13b1c700526b7e5d03b32d4
- http://rt.perl.org/rt3/Public/Bug/Display.html?id=69973
- http://rt.perl.org/rt3/Ticket/Attachment/617489/295383/
- http://secunia.com/advisories/37144
- http://securitytracker.com/id?1023077
- http://www.openwall.com/lists/oss-security/2009/10/23/8
- http://www.osvdb.org/59283
- http://www.securityfocus.com/bid/36812
- http://www.vupen.com/english/advisories/2009/3023
- https://exchange.xforce.ibmcloud.com/vulnerabilities/53939
- https://issues.apache.org/SpamAssassin/show_bug.cgi?id=6225