Vulnerabilities > CVE-2011-2728 - Remote Code Execution vulnerability in Perl 'decode_xs()' and 'File::Glob::bsd_glob()'

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

MEDIUM

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

perl

nessus

NVD

Published: 2012-12-21

Updated: 2013-01-29

Summary

The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference.

Vulnerable Configurations

Part	Description	Count
Application	Perl Perl Perl 1.00 Perl Perl 1.01 Perl Perl 1.20 Perl Perl 1.21 Perl Perl 1.22 Perl Perl 1.31 Perl Perl 1.32 Perl Perl 1.40 Perl Perl 1.41 Perl Perl 1.42 Perl Perl 1.43 Perl Perl 1.44 Perl Perl 1.45 Perl Perl 1.46 Perl Perl 1.47 Perl Perl 1.48 Perl Perl 1.49 Perl Perl 2.0.0 Perl Perl 2.1.0 Perl Perl 2.1.1 Perl Perl 2.1.2 Perl Perl 2.1.3 Perl Perl 2.2.0 Perl Perl 2.2.1 Perl Perl 2.2.2 Perl Perl 2.3.0 Perl Perl 2.4.0 Perl Perl 2.5.0 Perl Perl 2.5.1 Perl Perl 2.6.0 Perl Perl 2.6.1 Perl Perl 2.6.2 Perl Perl 2.6.3 Perl Perl 2.6.4 Perl Perl 2.6.5 Perl Perl 2.6.6 Perl Perl 2.7.0 Perl Perl 2.7.1 Perl Perl 2.7.2 Perl Perl 2.8.0 Perl Perl 2.8.1 Perl Perl 2.8.2 Perl Perl 2.8.3 Perl Perl 2.8.4 Perl Perl 2.8.5 Perl Perl 2.8.6 Perl Perl 2.8.7 Perl Perl 2.8.8 Perl Perl 2.9.0 Perl Perl 2.9.1 Perl Perl 2.9.2 Perl Perl 2.10.0 Perl Perl 2.10.1 Perl Perl 2.10.2 Perl Perl 2.10.3 Perl Perl 2.10.4 Perl Perl 2.10.5 Perl Perl 2.10.6 Perl Perl 2.10.7 Perl Perl 2.11.0 Perl Perl 2.11.1 Perl Perl 2.11.2 Perl Perl 2.11.3 Perl Perl 2.11.4 Perl Perl 2.11.5 Perl Perl 2.11.6 Perl Perl 2.11.7 Perl Perl 2.11.8 Perl Perl 2.12.0 Perl Perl 2.13.0 Perl Perl 2.14.0 Perl Perl 2.14.1 Perl Perl 2.15.0 Perl Perl 2.15.1 Perl Perl 2.16.0 Perl Perl 2.16.1 Perl Perl 2.17.0 Perl Perl 2.17.1 Perl Perl 2.17.2 Perl Perl 2.18.0 Perl Perl 2.18.1 Perl Perl 5.6.0 Perl Perl 5.6.1 Perl Perl 5.8.0 Perl Perl 5.8.1 Perl Perl 5.8.2 Perl Perl 5.8.3 Perl Perl 5.8.4 Perl Perl 5.8.5 Perl Perl 5.8.6 Perl Perl 5.8.7 Perl Perl 5.8.8 Perl Perl 5.8.9 Perl Perl 5.8.10 Perl Perl 5.9.2 Perl Perl 5.10 Perl Perl 5.10.0 Perl Perl 5.10.1 Perl Perl 5.11.0 Perl Perl 5.11.1 Perl Perl 5.11.2 Perl Perl 5.11.3 Perl Perl 5.11.4 Perl Perl 5.11.5 Perl Perl 5.12.0 Perl Perl 5.12.1 Perl Perl 5.12.2 Perl Perl 5.12.3 Perl Perl 5.13.0 Perl Perl 5.13.1 Perl Perl 5.13.2 Perl Perl 5.13.3 Perl Perl 5.13.4 Perl Perl 5.13.5 Perl Perl 5.13.6 Perl Perl 5.13.7 Perl Perl 5.13.8 Perl Perl 5.13.9 Perl Perl 5.13.10 Perl Perl 5.13.11 Perl Perl 5.14.0 Perl Perl - Perl Perl 0.1 Perl Perl 0.2 Perl Perl 0.3 Perl Perl 0.4 Perl Perl 0.5 Perl Perl 0.52 Perl Perl 0.61 Perl Perl 0.62 Perl Perl 0.63 Perl Perl 0.64 Perl Perl 0.65 Perl Perl 0.66 Perl Perl 0.67 Perl Perl 0.68 Perl Perl 0.69 Perl Perl 0.70 Perl Perl 0.71 Perl Perl 0.72 Perl Perl 0.73 Perl Perl 0.80 Perl Perl 0.81 Perl Perl 0.82 Perl Perl 0.83 Perl Perl 0.84 Perl Perl 0.85 Perl Perl 0.86 Perl Perl 0.87 Perl Perl 0.88 Perl Perl 0.89 Perl Perl 0.90 Perl Perl 0.91 Perl Perl 0.92 Perl Perl 0.93 Perl Perl 0.94 Perl Perl 0.95 Perl Perl 0.96 Perl Perl 0.97 Perl Perl 0.98 Perl Perl 0.99 Perl Perl 5.14.1	181

Nessus

NASL family	Gentoo Local Security Checks
NASL id	GENTOO_GLSA-201401-11.NASL
description	The remote host is affected by the vulnerability described in GLSA-201401-11 (Perl, Locale Maketext Perl module: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Perl and Locale::Maketext Perl module. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
last seen	2020-06-01
modified	2020-06-02
plugin id	72033
published	2014-01-20
reporter	This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source	https://www.tenable.com/plugins/nessus/72033
title	GLSA-201401-11 : Perl, Locale Maketext Perl module: Multiple vulnerabilities
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201401-11. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(72033); script_version("1.9"); script_cvs_date("Date: 2019/08/12 17:35:38"); script_cve_id("CVE-2011-2728", "CVE-2011-2939", "CVE-2012-5195", "CVE-2013-1667"); script_bugtraq_id(49858, 56287, 58311); script_xref(name:"GLSA", value:"201401-11"); script_name(english:"GLSA-201401-11 : Perl, Locale Maketext Perl module: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201401-11 (Perl, Locale Maketext Perl module: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Perl and Locale::Maketext Perl module. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201401-11" ); script_set_attribute( attribute:"solution", value: "All Perl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/perl-5.16.3' All Locale::Maketext users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=perl-core/locale-maketext-1.230.0'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:locale-maketext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/13"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-lang/perl", unaffected:make_list("ge 5.16.3"), vulnerable:make_list("lt 5.16.3"))) flag++; if (qpkg_check(package:"perl-core/locale-maketext", unaffected:make_list("ge 1.230.0"), vulnerable:make_list("lt 1.230.0"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Perl / Locale Maketext Perl module"); }

NASL family	SuSE Local Security Checks
NASL id	SUSE_11_PERL-130301.NASL
description	This update of Perl 5 fixes the following security issues : - fix rehash DoS [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - fix glob denial of service [bnc#796014] [CVE-2011-2728] - sanitize input in Maketext.pm [bnc#797060] [CVE-2012-6329]
last seen	2020-06-05
modified	2013-03-13
plugin id	65247
published	2013-03-13
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/65247
title	SuSE 11.2 Security Update : Perl (SAT Patch Number 7439)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(65247); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-2728", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1667"); script_name(english:"SuSE 11.2 Security Update : Perl (SAT Patch Number 7439)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update of Perl 5 fixes the following security issues : - fix rehash DoS [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - fix glob denial of service [bnc#796014] [CVE-2011-2728] - sanitize input in Maketext.pm [bnc#797060] [CVE-2012-6329]" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=789994" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=796014" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=797060" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=804415" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2728.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5526.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6329.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1667.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7439."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"TWiki 5.1.2 RCE"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'TWiki MAKETEXT Remote Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:perl-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:perl-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:perl-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) \|\| release !~ "^(SLED\|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) \|\| int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"perl-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"perl-base-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"perl-doc-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"perl-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"perl-32bit-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"perl-base-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"perl-doc-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"perl-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"perl-base-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"perl-doc-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"perl-32bit-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"perl-32bit-5.10.0-64.61.61.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");

NASL family	Solaris Local Security Checks
NASL id	SOLARIS11_PERL-58_20131017.NASL
description	The remote Solaris system is missing necessary patches to address security updates : - The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference. (CVE-2011-2728)
last seen	2020-06-01
modified	2020-06-02
plugin id	80732
published	2015-01-19
reporter	This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/80732
title	Oracle Solaris Third-Party Patch Update : perl-58 (cve_2011_2728_denial_of)
code	# # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80732); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2011-2728"); script_name(english:"Oracle Solaris Third-Party Patch Update : perl-58 (cve_2011_2728_denial_of)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - The bsd_glob function in the File::Glob module for Perl before 5.14.2 allows context-dependent attackers to cause a denial of service (crash) via a glob expression with the GLOB_ALTDIRFUNC flag, which triggers an uninitialized pointer dereference. (CVE-2011-2728)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); script_set_attribute( attribute:"see_also", value:"https://blogs.oracle.com/sunsecurity/cve-2011-2728-denial-of-service-vulnerability-in-perl" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11/11 SRU 3."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:N/I:N/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.0"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:perl-58"); script_set_attribute(attribute:"patch_publication_date", value:"2013/10/17"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^perl-58$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-58"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.0.3.0.4.0", sru:"SRU 3") > 0) flag++; if (flag) { error_extra = 'Affected package : perl-58\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_warning(port:0, extra:error_extra); else security_warning(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "perl-58");

NASL family	SuSE Local Security Checks
NASL id	SUSE_PERL-8479.NASL
description	This update of Perl 5 fixes the following security issues : - fix rehash DoS [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - fix glob denial of service [bnc#796014] [CVE-2011-2728] - sanitize input in Maketext.pm [bnc#797060] [CVE-2012-6329] - make getgrent work with long group entries [bnc#788388]
last seen	2020-06-05
modified	2013-03-13
plugin id	65249
published	2013-03-13
reporter	This script is Copyright (C) 2013-2020 Tenable Network Security, Inc.
source	https://www.tenable.com/plugins/nessus/65249
title	SuSE 10 Security Update : Perl (ZYPP Patch Number 8479)
code	#%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The text description of this plugin is (C) Novell, Inc. # include("compat.inc"); if (description) { script_id(65249); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-2728", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1667"); script_name(english:"SuSE 10 Security Update : Perl (ZYPP Patch Number 8479)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 10 host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "This update of Perl 5 fixes the following security issues : - fix rehash DoS [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - fix glob denial of service [bnc#796014] [CVE-2011-2728] - sanitize input in Maketext.pm [bnc#797060] [CVE-2012-6329] - make getgrent work with long group entries [bnc#788388]" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2728.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5526.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6329.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1667.html" ); script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8479."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"TWiki 5.1.2 RCE"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'TWiki MAKETEXT Remote Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/02"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled."); if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE."); if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages."); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) exit(1, "Failed to determine the architecture type."); if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented."); flag = 0; if (rpm_check(release:"SLED10", sp:4, reference:"perl-5.8.8-14.21.3")) flag++; if (rpm_check(release:"SLED10", sp:4, cpu:"x86_64", reference:"perl-32bit-5.8.8-14.21.3")) flag++; if (rpm_check(release:"SLES10", sp:4, reference:"perl-5.8.8-14.21.3")) flag++; if (rpm_check(release:"SLES10", sp:4, cpu:"x86_64", reference:"perl-32bit-5.8.8-14.21.3")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else exit(0, "The host is not affected.");

Seebug

bulletinFamily	exploit
description	BUGTRAQ ID: 49858 CVE ID: CVE-2011-2728,CVE-2011-2939 Perl是一种高级、通用、直译式、动态的程序语言。 Perl的"decode_xs()"和"File::Glob::bsd_glob()"函数在实现上存在远程代码执行漏洞，远程攻击者可利用此漏洞执行任意代码。 1）在处理GLOB_ALTDIRFUNC旗标时，"File::Glob::bsd_glob()"函数中存在的错误可被利用造成非法访问和执行任意代码。 2）Encode中的"decode_xs()"函数中的错误可通过特制输入造成堆缓冲区溢出。 Perl 5.14.1 厂商补丁： Perl ---- 目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://www.perl.com
id	SSV:20964
last seen	2017-11-19
modified	2011-09-30
published	2011-09-30
reporter	Root
title	Perl "decode_xs()"和"File::Glob::bsd_glob()"远程代码执行漏洞

Summary

Vulnerable Configurations

Nessus

Seebug

References