CVE-2012-5195 - Improper Restriction of Operations Within the Bounds of a Memory Buffer vulnerability in Perl

CVSS 7.5 - HIGH
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: PARTIAL
Integrity impact: PARTIAL
Availability impact: PARTIAL
Tags: network, low complexity, perl, CWE-119, nessus

Summary

Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator.

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Buffer Overflow via Environment Variables
    This attack pattern involves causing a buffer overflow through manipulation of environment variables. Once the attacker finds that they can modify an environment variable, they may try to overflow associated buffers. This attack leverages implicit trust often placed in environment variables.
  • Overflow Buffers
    Buffer Overflow attacks target improper or missing bounds checking on buffer operations, typically triggered by input injected by an attacker. As a consequence, an attacker is able to write past the boundaries of allocated buffer regions in memory, causing a program crash or potentially redirection of execution as per the attackers' choice.
  • Client-side Injection-induced Buffer Overflow
    This type of attack exploits a buffer overflow vulnerability in targeted client software through injection of malicious content from a custom-built hostile service.
  • Filter Failure through Buffer Overflow
    In this attack, the idea is to cause an active filter to fail by causing an oversized transaction. An attacker may try to feed overly long input strings to the program in an attempt to overwhelm the filter (by causing a buffer overflow) and hoping that the filter does not fail securely (i.e. the user input is let into the system unfiltered).
  • MIME Conversion
    An attacker exploits a weakness in the MIME conversion routine to cause a buffer overflow and gain control over the mail server machine. The MIME system is designed to allow various different information formats to be interpreted and sent via e-mail. Attack points exist when data are converted to MIME compatible format and back.

Nessus

  • NASL family: Debian Local Security Checks
    NASL id: DEBIAN_DSA-2586.NASL
    description: Two vulnerabilities were discovered in the implementation of the Perl programming language : - CVE-2012-5195 The
    last seen: 2020-03-17
    modified: 2012-12-17
    plugin id: 63270
    published: 2012-12-17
    reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63270
    title: Debian DSA-2586-1 : perl - several vulnerabilities
    code:
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Debian Security Advisory DSA-2586. The text 
    # itself is copyright (C) Software in the Public Interest, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(63270);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");
    
      script_cve_id("CVE-2012-5195", "CVE-2012-5526");
      script_bugtraq_id(56287, 56562);
      script_xref(name:"DSA", value:"2586");
    
      script_name(english:"Debian DSA-2586-1 : perl - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Two vulnerabilities were discovered in the implementation of the Perl
    programming language :
    
      - CVE-2012-5195
        The 'x' operator could cause the Perl interpreter to
        crash if very long strings were created.
    
      - CVE-2012-5526
        The CGI module does not properly escape LF characters in
        the Set-Cookie and P3P headers.
    
    In addition, this update adds a warning to the Storable documentation
    that this package is not suitable for deserializing untrusted data."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693420"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-5195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-5526"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/perl"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2012/dsa-2586"
      );
      script_set_attribute(
        attribute:"solution", 
        value:
    "Upgrade the perl packages.
    
    For the stable distribution (squeeze), these problems have been fixed
    in version 5.10.1-17squeeze4."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2012/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/17");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("debian_package.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    
    flag = 0;
    if (deb_check(release:"6.0", prefix:"libcgi-fast-perl", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"libperl-dev", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"libperl5.10", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"perl", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"perl-base", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"perl-debug", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"perl-doc", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"perl-modules", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"perl-suid", reference:"5.10.1-17squeeze4")) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");
    
  • NASL family: Oracle Linux Local Security Checks
    NASL id: ORACLELINUX_ELSA-2013-0685.NASL
    description: From Red Hat Security Advisory 2013:0685 : Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl
    last seen: 2020-03-31
    modified: 2013-07-12
    plugin id: 68797
    published: 2013-07-12
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/68797
    title: Oracle Linux 5 / 6 : perl (ELSA-2013-0685)
    code:
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2013:0685 and 
    # Oracle Linux Security Advisory ELSA-2013-0685 respectively.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(68797);
      script_version("1.20");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/30");
    
      script_cve_id("CVE-2012-5195", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1667");
      script_bugtraq_id(56287, 56562, 56950, 58311);
      script_xref(name:"RHSA", value:"2013:0685");
    
      script_name(english:"Oracle Linux 5 / 6 : perl (ELSA-2013-0685)");
      script_summary(english:"Checks rpm output for the updated packages");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "From Red Hat Security Advisory 2013:0685 :
    
    Updated perl packages that fix multiple security issues now available
    for Red Hat Enterprise Linux 5 and 6.
    
    The Red Hat Security Response Team has rated this update as having
    moderate security impact. Common Vulnerability Scoring System (CVSS)
    base scores, which give detailed severity ratings, are available for
    each vulnerability from the CVE links in the References section.
    
    Perl is a high-level programming language commonly used for system
    administration utilities and web programming.
    
    A heap overflow flaw was found in Perl. If a Perl application allowed
    user input to control the count argument of the string repeat
    operator, an attacker could cause the application to crash or,
    potentially, execute arbitrary code with the privileges of the user
    running the application. (CVE-2012-5195)
    
    A denial of service flaw was found in the way Perl's rehashing code
    implementation, responsible for recalculation of hash keys and
    redistribution of hash content, handled certain input. If an attacker
    supplied specially crafted input to be used as hash keys by a Perl
    application, it could cause excessive memory consumption.
    (CVE-2013-1667)
    
    It was found that the Perl CGI module, used to handle Common Gateway
    Interface requests and responses, incorrectly sanitized the values for
    Set-Cookie and P3P headers. If a Perl application using the CGI module
    reused cookies values and accepted untrusted input from web browsers,
    a remote attacker could use this flaw to alter member items of the
    cookie or add new items. (CVE-2012-5526)
    
    It was found that the Perl Locale::Maketext module, used to localize
    Perl applications, did not properly handle backslashes or
    fully-qualified method names. An attacker could possibly use this flaw
    to execute arbitrary Perl code with the privileges of a Perl
    application that uses untrusted Locale::Maketext templates.
    (CVE-2012-6329)
    
    Red Hat would like to thank the Perl project for reporting
    CVE-2012-5195 and CVE-2013-1667. Upstream acknowledges Tim Brown as
    the original reporter of CVE-2012-5195 and Yves Orton as the original
    reporter of CVE-2013-1667.
    
    All Perl users should upgrade to these updated packages, which contain
    backported patches to correct these issues. All running Perl programs
    must be restarted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-March/003388.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-March/003389.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected perl packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Foswiki 1.1.5 RCE");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'TWiki MAKETEXT Remote Command Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Archive-Extract");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Archive-Tar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-CGI");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-CPAN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-CPANPLUS");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Compress-Raw-Bzip2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Compress-Raw-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Compress-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Digest-SHA");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-ExtUtils-CBuilder");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-ExtUtils-Embed");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-ExtUtils-MakeMaker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-ExtUtils-ParseXS");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-File-Fetch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IO-Compress-Base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IO-Compress-Bzip2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IO-Compress-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IO-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IPC-Cmd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Locale-Maketext-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Log-Message");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Log-Message-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-CoreList");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Load");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Load-Conditional");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Loaded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Pluggable");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Object-Accessor");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Package-Constants");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Params-Check");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Parse-CPAN-Meta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Pod-Escapes");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Pod-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Term-UI");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Test-Harness");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Test-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Time-HiRes");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Time-Piece");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-parent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-version");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);
    
    flag = 0;
    if (rpm_check(release:"EL5", reference:"perl-5.8.8-40.el5_9")) flag++;
    if (rpm_check(release:"EL5", reference:"perl-suidperl-5.8.8-40.el5_9")) flag++;
    
    if (rpm_check(release:"EL6", reference:"perl-5.10.1-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Archive-Extract-0.38-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Archive-Tar-1.58-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-CGI-3.51-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-CPAN-1.9402-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-CPANPLUS-0.88-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Compress-Raw-Bzip2-2.020-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Compress-Raw-Zlib-2.020-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Compress-Zlib-2.020-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Digest-SHA-5.47-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-ExtUtils-CBuilder-0.27-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-ExtUtils-Embed-1.28-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-ExtUtils-MakeMaker-6.55-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-ExtUtils-ParseXS-2.2003.0-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-File-Fetch-0.26-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-IO-Compress-Base-2.020-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-IO-Compress-Bzip2-2.020-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-IO-Compress-Zlib-2.020-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-IO-Zlib-1.09-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-IPC-Cmd-0.56-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Locale-Maketext-Simple-0.18-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Log-Message-0.02-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Log-Message-Simple-0.04-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Module-Build-0.3500-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Module-CoreList-2.18-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Module-Load-0.16-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Module-Load-Conditional-0.30-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Module-Loaded-0.02-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Module-Pluggable-3.90-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Object-Accessor-0.34-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Package-Constants-0.02-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Params-Check-0.26-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Parse-CPAN-Meta-1.40-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Pod-Escapes-1.04-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Pod-Simple-3.13-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Term-UI-0.20-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Test-Harness-3.17-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Test-Simple-0.92-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Time-HiRes-1.9721-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Time-Piece-1.15-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-core-5.10.1-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-devel-5.10.1-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-libs-5.10.1-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-parent-0.221-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-suidperl-5.10.1-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-version-0.77-130.el6_4")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-Archive-Extract / perl-Archive-Tar / perl-CGI / etc");
    }
    
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS11_PERL-512_20131017.NASL
    description: The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80727
    published: 2015-01-19
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80727
    title: Oracle Solaris Third-Party Patch Update : perl-512 (cve_2012_5195_heap_buffer)
  • NASL family: Gentoo Local Security Checks
    NASL id: GENTOO_GLSA-201401-11.NASL
    description: The remote host is affected by the vulnerability described in GLSA-201401-11 (Perl, Locale Maketext Perl module: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Perl and Locale::Maketext Perl module. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time.
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 72033
    published: 2014-01-20
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/72033
    title: GLSA-201401-11 : Perl, Locale Maketext Perl module: Multiple vulnerabilities
  • NASL family: Amazon Linux Local Security Checks
    NASL id: ALA_ALAS-2013-177.NASL
    description: A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 69736
    published: 2013-09-04
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/69736
    title: Amazon Linux AMI : perl (ALAS-2013-177)
  • NASL family: OracleVM Local Security Checks
    NASL id: ORACLEVM_OVMSA-2016-0076.NASL
    description: The remote OracleVM system is missing necessary patches to address critical security updates : - Do not extend allowable epoch values in Time::Local::timelocal to remove useless warning on 64-bit platforms (Resolves: rhbz#1149375) - Fix perl segfaults with custom signal handle (Resolves: rhbz#991854) - Reorder AnyDBM_File back-end preference (Resolves: rhbz#1018721) - Fix backslash interpolation in Locale::Maketext (Resolves: rhbz#1029016) - Enable year 2038 for Time::Local on 64-bit platforms (Resolves: rhbz#1057047) - 800340 - strftime memory leak perl bug (RT#73520) - Resolves: rhbz#800340 - Fix CVE-2012-5195 heap buffer overrun at repeatcpy (Resolves: rhbz#915691) - Fix CVE-2012-5526 newline injection due to improper CRLF escaping in Set-Cookie and P3P headers (Resolves: rhbz#915691) - Fix CVE-2012-6329 possible arbitrary code execution via Locale::Maketext (Resolves: rhbz#915691) - Fix CVE-2013-1667 DoS in rehashing code (Resolves: rhbz#915691) - 848156 - Reverts code of perl-5.8.8-U32019.patch - Resolves: rhbz#848156
    last seen: 2020-03-31
    modified: 2016-06-22
    plugin id: 91752
    published: 2016-06-22
    reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/91752
    title: OracleVM 3.2 : perl (OVMSA-2016-0076)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-0746.NASL
    description: An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796) A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797) A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798) An integer overflow flaw was discovered in one of pixman
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 78955
    published: 2014-11-08
    reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/78955
    title: RHEL 6 : rhev-hypervisor6 (RHSA-2013:0746)
  • NASL family: F5 Networks Local Security Checks
    NASL id: F5_BIGIP_SOL15867.NASL
    description: CVE-2012-5195 Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the
    last seen: 2020-03-30
    modified: 2015-09-16
    plugin id: 85945
    published: 2015-09-16
    reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/85945
    title: F5 Networks BIG-IP : Perl vulnerabilities (K15867)
  • NASL family: Solaris Local Security Checks
    NASL id: SOLARIS11_PERL-58_20131017_3.NASL
    description: The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 80734
    published: 2015-01-19
    reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/80734
    title: Oracle Solaris Third-Party Patch Update : perl-58 (cve_2012_5195_buffer_errors)
  • NASL family: CentOS Local Security Checks
    NASL id: CENTOS_RHSA-2013-0685.NASL
    description: Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl
    last seen: 2020-03-30
    modified: 2013-03-27
    plugin id: 65694
    published: 2013-03-27
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/65694
    title: CentOS 5 / 6 : perl (CESA-2013:0685)
  • NASL family: Scientific Linux Local Security Checks
    NASL id: SL_20130326_PERL_ON_SL5_X.NASL
    description: A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl
    last seen: 2020-03-18
    modified: 2013-03-28
    plugin id: 65715
    published: 2013-03-28
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/65715
    title: Scientific Linux Security Update : perl on SL5.x, SL6.x i386/x86_64 (20130326)
  • NASL family: Ubuntu Local Security Checks
    NASL id: UBUNTU_USN-1643-1.NASL
    description: It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. (CVE-2011-2939) It was discovered that the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 63109
    published: 2012-11-30
    reporter: Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/63109
    title: Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : perl vulnerabilities (USN-1643-1)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2013-005.NASL
    description: A vulnerability has been found and corrected in perl : Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 64279
    published: 2013-01-29
    reporter: This script is Copyright (C) 2013-2019 Tenable Network Security, Inc.
    source: https://www.tenable.com/plugins/nessus/64279
    title: Mandriva Linux Security Advisory : perl (MDVSA-2013:005)
  • NASL family: Red Hat Local Security Checks
    NASL id: REDHAT-RHSA-2013-0685.NASL
    description: Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl
    last seen: 2020-03-31
    modified: 2013-03-27
    plugin id: 65698
    published: 2013-03-27
    reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/65698
    title: RHEL 5 / 6 : perl (RHSA-2013:0685)
  • NASL family: Mandriva Local Security Checks
    NASL id: MANDRIVA_MDVSA-2013-113.NASL
    description: Updated perl packages fix security vulnerability : It was discovered that Perl
    last seen: 2020-06-01
    modified: 2020-06-02
    plugin id: 66125
    published: 2013-04-20
    reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    source: https://www.tenable.com/plugins/nessus/66125
    title: Mandriva Linux Security Advisory : perl (MDVSA-2013:113)

Redhat

advisories
rhsa
id: RHSA-2013:0685
rpms
  • perl-4:5.10.1-130.el6_4
  • perl-4:5.8.8-40.el5_9
  • perl-Archive-Extract-1:0.38-130.el6_4
  • perl-Archive-Tar-0:1.58-130.el6_4
  • perl-CGI-0:3.51-130.el6_4
  • perl-CPAN-0:1.9402-130.el6_4
  • perl-CPANPLUS-0:0.88-130.el6_4
  • perl-Compress-Raw-Bzip2-0:2.020-130.el6_4
  • perl-Compress-Raw-Zlib-1:2.020-130.el6_4
  • perl-Compress-Zlib-0:2.020-130.el6_4
  • perl-Digest-SHA-1:5.47-130.el6_4
  • perl-ExtUtils-CBuilder-1:0.27-130.el6_4
  • perl-ExtUtils-Embed-0:1.28-130.el6_4
  • perl-ExtUtils-MakeMaker-0:6.55-130.el6_4
  • perl-ExtUtils-ParseXS-1:2.2003.0-130.el6_4
  • perl-File-Fetch-0:0.26-130.el6_4
  • perl-IO-Compress-Base-0:2.020-130.el6_4
  • perl-IO-Compress-Bzip2-0:2.020-130.el6_4
  • perl-IO-Compress-Zlib-0:2.020-130.el6_4
  • perl-IO-Zlib-1:1.09-130.el6_4
  • perl-IPC-Cmd-1:0.56-130.el6_4
  • perl-Locale-Maketext-Simple-1:0.18-130.el6_4
  • perl-Log-Message-1:0.02-130.el6_4
  • perl-Log-Message-Simple-0:0.04-130.el6_4
  • perl-Module-Build-1:0.3500-130.el6_4
  • perl-Module-CoreList-0:2.18-130.el6_4
  • perl-Module-Load-1:0.16-130.el6_4
  • perl-Module-Load-Conditional-0:0.30-130.el6_4
  • perl-Module-Loaded-1:0.02-130.el6_4
  • perl-Module-Pluggable-1:3.90-130.el6_4
  • perl-Object-Accessor-1:0.34-130.el6_4
  • perl-Package-Constants-1:0.02-130.el6_4
  • perl-Params-Check-1:0.26-130.el6_4
  • perl-Parse-CPAN-Meta-1:1.40-130.el6_4
  • perl-Pod-Escapes-1:1.04-130.el6_4
  • perl-Pod-Simple-1:3.13-130.el6_4
  • perl-Term-UI-0:0.20-130.el6_4
  • perl-Test-Harness-0:3.17-130.el6_4
  • perl-Test-Simple-0:0.92-130.el6_4
  • perl-Time-HiRes-4:1.9721-130.el6_4
  • perl-Time-Piece-0:1.15-130.el6_4
  • perl-core-0:5.10.1-130.el6_4
  • perl-debuginfo-4:5.10.1-130.el6_4
  • perl-debuginfo-4:5.8.8-40.el5_9
  • perl-devel-4:5.10.1-130.el6_4
  • perl-libs-4:5.10.1-130.el6_4
  • perl-parent-1:0.221-130.el6_4
  • perl-suidperl-4:5.10.1-130.el6_4
  • perl-suidperl-4:5.8.8-40.el5_9
  • perl-version-3:0.77-130.el6_4