CVE-2011-2939 - Numeric Errors vulnerability in multiple products
Attack vector | UNKNOWN |
Attack complexity | UNKNOWN |
Privileges required | UNKNOWN |
Confidentiality impact | UNKNOWN |
Integrity impact | UNKNOWN |
Availability impact | UNKNOWN |
Summary
Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family | Gentoo Local Security Checks |
NASL id | GENTOO_GLSA-201401-11.NASL |
description | The remote host is affected by the vulnerability described in GLSA-201401-11 (Perl, Locale Maketext Perl module: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Perl and Locale::Maketext Perl module. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 72033 |
published | 2014-01-20 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/72033 |
title | GLSA-201401-11 : Perl, Locale Maketext Perl module: Multiple vulnerabilities |
code |

```
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Gentoo Linux Security Advisory GLSA 201401-11.
#
# The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc.
# and licensed under the Creative Commons - Attribution / Share Alike
# license. See http://creativecommons.org/licenses/by-sa/3.0/
#

include("compat.inc");

if (description)
{
  script_id(72033);
  script_version("1.9");
  script_cvs_date("Date: 2019/08/12 17:35:38");

  script_cve_id("CVE-2011-2728", "CVE-2011-2939", "CVE-2012-5195", "CVE-2013-1667");
  script_bugtraq_id(49858, 56287, 58311);
  script_xref(name:"GLSA", value:"201401-11");

  script_name(english:"GLSA-201401-11 : Perl, Locale Maketext Perl module: Multiple vulnerabilities");
  script_summary(english:"Checks for updated package(s) in /var/db/pkg");

  script_set_attribute(
    attribute:"synopsis",
    value: "The remote Gentoo host is missing one or more security-related patches."
  );
  script_set_attribute(
    attribute:"description",
    value: "The remote host is affected by the vulnerability described in GLSA-201401-11 (Perl, Locale Maketext Perl module: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Perl and Locale::Maketext Perl module. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://security.gentoo.org/glsa/201401-11"
  );
  script_set_attribute(
    attribute:"solution",
    value: "All Perl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/perl-5.16.3' All Locale::Maketext users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=perl-core/locale-maketext-1.230.0'"
  );
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:locale-maketext");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:perl");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux");

  script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/13");
  script_set_attribute(attribute:"patch_publication_date", value:"2014/01/19");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/20");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"Gentoo Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("qpkg.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo");
if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

flag = 0;

if (qpkg_check(package:"dev-lang/perl", unaffected:make_list("ge 5.16.3"), vulnerable:make_list("lt 5.16.3"))) flag++;
if (qpkg_check(package:"perl-core/locale-maketext", unaffected:make_list("ge 1.230.0"), vulnerable:make_list("lt 1.230.0"))) flag++;

if (flag)
{
  if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get());
  else security_hole(0);
  exit(0);
}
else
{
  tested = qpkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Perl / Locale Maketext Perl module");
}
```

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_3_PERL-111122.NASL |
description | This update of Perl fixes a heap based buffer overflow in the decode_xs() function (CVE-2011-2939, bnc#728662). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 75707 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75707 |
title | openSUSE Security Update : perl (openSUSE-SU-2011:1278-1) |
code |

```
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update perl-5471.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(75707);
  script_version("1.6");
  script_cvs_date("Date: 2019/10/25 13:36:41");

  script_cve_id("CVE-2011-2939");

  script_name(english:"openSUSE Security Update : perl (openSUSE-SU-2011:1278-1)");
  script_summary(english:"Check for the perl-5471 patch");

  script_set_attribute(
    attribute:"synopsis",
    value:"The remote openSUSE host is missing a security update."
  );
  script_set_attribute(
    attribute:"description",
    value: "This update of Perl fixes a heap based buffer overflow in the decode_xs() function (CVE-2011-2939, bnc#728662)."
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://bugzilla.novell.com/show_bug.cgi?id=728662"
  );
  script_set_attribute(
    attribute:"see_also",
    value:"https://lists.opensuse.org/opensuse-updates/2011-11/msg00026.html"
  );
  script_set_attribute(attribute:"solution", value:"Update the affected perl packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:H/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
  script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"false");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-32bit");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:perl-base-32bit");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:11.3");

  script_set_attribute(attribute:"patch_publication_date", value:"2011/11/22");
  script_set_attribute(attribute:"plugin_publication_date", value:"2014/06/13");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE11\.3)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "11.3", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE11.3", reference:"perl-5.12.1-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", reference:"perl-base-5.12.1-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"perl-32bit-5.12.1-2.7.1") ) flag++;
if ( rpm_check(release:"SUSE11.3", cpu:"x86_64", reference:"perl-base-32bit-5.12.1-2.7.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl");
}
```

NASL family | Red Hat Local Security Checks |
NASL id | REDHAT-RHSA-2011-1424.NASL |
description | Updated perl packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. (CVE-2011-2939) It was found that the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 56709 |
published | 2011-11-04 |
reporter | This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56709 |
title | RHEL 6 : perl (RHSA-2011:1424) |

NASL family | Fedora Local Security Checks |
NASL id | FEDORA_2011-13874.NASL |
description | This update fixes security bug in Digest object constructor (CVE-2011-3597) and in decoding Unicode string by interpreter (CVE-2011-2939). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 56696 |
published | 2011-11-03 |
reporter | This script is Copyright (C) 2011-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/56696 |
title | Fedora 14 : perl-5.12.4-147.fc14 (2011-13874) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_3_ICEDTEA-WEB-111114.NASL |
description | Update to version 1.1.4 of icedtea-web to fix the following issues : - CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass - PR778: Jar download and server certificate verification deadlock |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 75529 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75529 |
title | openSUSE Security Update : icedtea-web (openSUSE-SU-2011:1251-1) |

NASL family | Oracle Linux Local Security Checks |
NASL id | ORACLELINUX_ELSA-2011-1424.NASL |
description | From Red Hat Security Advisory 2011:1424 : Updated perl packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. (CVE-2011-2939) It was found that the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 68383 |
published | 2013-07-12 |
reporter | This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/68383 |
title | Oracle Linux 6 : perl (ELSA-2011-1424) |

NASL family | Amazon Linux Local Security Checks |
NASL id | ALA_ALAS-2011-19.NASL |
description | A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. (CVE-2011-2939) It was found that the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 69578 |
published | 2013-09-04 |
reporter | This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/69578 |
title | Amazon Linux AMI : perl (ALAS-2011-19) |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_4_ICEDTEA-WEB-111114.NASL |
description | Update to version 1.1.4 of icedtea-web to fix the following issues : - CVE-2011-3377: IcedTea-Web: second-level domain subdomains and suffix domain SOP bypass - PR778: Jar download and server certificate verification deadlock |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 75865 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75865 |
title | openSUSE Security Update : icedtea-web (openSUSE-SU-2011:1251-1) |

NASL family | Scientific Linux Local Security Checks |
NASL id | SL_20111103_PERL_ON_SL6_X.NASL |
description | Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap-based buffer overflow flaw was found in the way Perl decoded Unicode strings. An attacker could create a malicious Unicode string that, when decoded by a Perl program, would cause the program to crash or, potentially, execute arbitrary code with the permissions of the user running the program. (CVE-2011-2939) It was found that the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 61169 |
published | 2012-08-01 |
reporter | This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/61169 |
title | Scientific Linux Security Update : perl on SL6.x i386/x86_64 |

NASL family | SuSE Local Security Checks |
NASL id | SUSE_11_4_PERL-111122.NASL |
description | This update of Perl fixes a heap based buffer overflow in the decode_xs() function (CVE-2011-2939, bnc#728662). |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 75994 |
published | 2014-06-13 |
reporter | This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/75994 |
title | openSUSE Security Update : perl (openSUSE-SU-2011:1278-1) |

NASL family | Solaris Local Security Checks |
NASL id | SOLARIS11_PERL-58_20131015.NASL |
description | The remote Solaris system is missing necessary patches to address security updates : - Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. (CVE-2004-0452) - Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. (CVE-2005-0156) - Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. (CVE-2005-0448) - Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. (CVE-2005-4278) - Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string. (CVE-2010-1158) - Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow. (CVE-2011-2939) - CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. (CVE-2012-5526) |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 80731 |
published | 2015-01-19 |
reporter | This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/80731 |
title | Oracle Solaris Third-Party Patch Update : perl-58 (cve_2012_5526_configuration_vulnerability1) |

NASL family | Mandriva Local Security Checks |
NASL id | MANDRIVA_MDVSA-2012-008.NASL |
description | Multiple vulnerabilities have been found and corrected in perl : Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow (CVE-2011-2939). Eval injection in the Digest module before 1.17 for Perl allows context-dependent attackers to execute arbitrary commands via the new constructor (CVE-2011-3597). The updated packages have been patched to correct these issues. |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 57593 |
published | 2012-01-19 |
reporter | This script is Copyright (C) 2012-2019 Tenable Network Security, Inc. |
source | https://www.tenable.com/plugins/nessus/57593 |
title | Mandriva Linux Security Advisory : perl (MDVSA-2012:008) |

NASL family | Ubuntu Local Security Checks |
NASL id | UBUNTU_USN-1643-1.NASL |
description | It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. (CVE-2011-2939) It was discovered that the |
last seen | 2020-06-01 |
modified | 2020-06-02 |
plugin id | 63109 |
published | 2012-11-30 |
reporter | Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. |
source | https://www.tenable.com/plugins/nessus/63109 |
title | Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : perl vulnerabilities (USN-1643-1) |
Seebug
bulletinFamily | exploit |
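description | BUGTRAQ ID: 49858 CVE ID: CVE-2011-2728,CVE-2011-2939 Perl is a high-level, general-purpose, interpreted, dynamic programming language. The "decode_xs()" and "File::Glob::bsd_glob()" functions in Perl contain remote code execution vulnerabilities in their implementation, which a remote attacker can exploit to execute arbitrary code. 1) An error in the "File::Glob::bsd_glob()" function when handling the GLOB_ALTDIRFUNC flag can be exploited to cause invalid access and execute arbitrary code. 2) An error in the "decode_xs()" function in Encode can cause a heap buffer overflow via specially crafted input. Perl 5.14.1 Vendor patch: Perl ---- The vendor has released an upgrade patch to fix this security issue; download it from the vendor's home page: http://www.perl.com |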
id | SSV:20964 |
last seen | 2017-11-19 |
modified | 2011-09-30 |
published | 2011-09-30 |
reporter | Root |
title | Perl "decode_xs()" and "File::Glob::bsd_glob()" remote code execution vulnerabilities |
References
- http://perl5.git.perl.org/perl.git/commitdiff/e46d973584785af1f445c4dedbee4243419cb860#patch5
- https://bugzilla.redhat.com/show_bug.cgi?id=731246
- http://www.openwall.com/lists/oss-security/2011/08/19/17
- http://www.redhat.com/support/errata/RHSA-2011-1424.html
- http://www.openwall.com/lists/oss-security/2011/08/18/8
- http://secunia.com/advisories/46989
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:008
- http://secunia.com/advisories/51457
- http://www.ubuntu.com/usn/USN-1643-1
- http://www.securityfocus.com/bid/49858
- http://secunia.com/advisories/46172
- http://cpansearch.perl.org/src/FLORA/perl-5.14.2/pod/perldelta.pod
- http://secunia.com/advisories/55314
- http://search.cpan.org/~flora/perl-5.14.2/pod/perldelta.pod#Encode_decode_xs_n-byte_heap-overflow_%28CVE-2011-2939%29