CVE-2012-5526 - Configuration vulnerability in Andy Armstrong Cgi.Pm
Attack vector: NETWORK
Attack complexity: LOW
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: PARTIAL
Availability impact: NONE

Summary
CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm.
Nessus
NASL family: Fedora Local Security Checks
NASL id: FEDORA_2012-18330.NASL
description: Fix CVE-2012-5526 (escape new-lines in Set-Cookie and P3P HTTP response headers properly) in CGI-3.52. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2012-12-18
plugin id: 63282
published: 2012-12-18
reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/63282
title: Fedora 16 : perl-5.14.3-203.fc16 / perl-CGI-3.52-203.fc16 (2012-18330)
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Fedora Security Advisory 2012-18330.
    #

    include("compat.inc");

    if (description)
    {
      script_id(63282);
      script_version("1.8");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2012-5526");
      script_bugtraq_id(56562);
      script_xref(name:"FEDORA", value:"2012-18330");

      script_name(english:"Fedora 16 : perl-5.14.3-203.fc16 / perl-CGI-3.52-203.fc16 (2012-18330)");
      script_summary(english:"Checks rpm output for the updated packages.");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Fedora host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Fix CVE-2012-5526 (escape new-lines in Set-Cookie and P3P HTTP response headers properly) in CGI-3.52. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=877015"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-December/094761.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a22c8bdc"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2012-December/094762.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?a007a810"
      );
      script_set_attribute(
        attribute:"solution",
        value:"Update the affected perl and / or perl-CGI packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:N");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl-CGI");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:16");

      script_set_attribute(attribute:"patch_publication_date", value:"2012/11/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/18");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Fedora Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^16([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 16.x", "Fedora " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

    flag = 0;
    if (rpm_check(release:"FC16", reference:"perl-5.14.3-203.fc16")) flag++;
    if (rpm_check(release:"FC16", reference:"perl-CGI-3.52-203.fc16")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-CGI");
    }

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2586.NASL
description: Two vulnerabilities were discovered in the implementation of the Perl programming language : - CVE-2012-5195 The
last seen: 2020-03-17
modified: 2012-12-17
plugin id: 63270
published: 2012-12-17
reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/63270
title: Debian DSA-2586-1 : perl - several vulnerabilities
code:

    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Debian Security Advisory DSA-2586. The text
    # itself is copyright (C) Software in the Public Interest, Inc.
    #

    include("compat.inc");

    if (description)
    {
      script_id(63270);
      script_version("1.9");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12");

      script_cve_id("CVE-2012-5195", "CVE-2012-5526");
      script_bugtraq_id(56287, 56562);
      script_xref(name:"DSA", value:"2586");

      script_name(english:"Debian DSA-2586-1 : perl - several vulnerabilities");
      script_summary(english:"Checks dpkg output for the updated package");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Debian host is missing a security-related update."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "Two vulnerabilities were discovered in the implementation of the Perl programming language : - CVE-2012-5195 The 'x' operator could cause the Perl interpreter to crash if very long strings were created. - CVE-2012-5526 The CGI module does not properly escape LF characters in the Set-Cookie and P3P headers. In addition, this update adds a warning to the Storable documentation that this package is not suitable for deserializing untrusted data."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=689314"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=693420"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=695223"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-5195"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://security-tracker.debian.org/tracker/CVE-2012-5526"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://packages.debian.org/source/squeeze/perl"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://www.debian.org/security/2012/dsa-2586"
      );
      script_set_attribute(
        attribute:"solution",
        value:
    "Upgrade the perl packages. For the stable distribution (squeeze), these problems have been fixed in version 5.10.1-17squeeze4."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:debian:debian_linux:perl");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:debian:debian_linux:6.0");

      script_set_attribute(attribute:"patch_publication_date", value:"2012/12/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/12/17");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Debian Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/Debian/release", "Host/Debian/dpkg-l");

      exit(0);
    }

    include("audit.inc");
    include("debian_package.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/Debian/release")) audit(AUDIT_OS_NOT, "Debian");
    if (!get_kb_item("Host/Debian/dpkg-l")) audit(AUDIT_PACKAGE_LIST_MISSING);

    flag = 0;
    if (deb_check(release:"6.0", prefix:"libcgi-fast-perl", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"libperl-dev", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"libperl5.10", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"perl", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"perl-base", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"perl-debug", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"perl-doc", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"perl-modules", reference:"5.10.1-17squeeze4")) flag++;
    if (deb_check(release:"6.0", prefix:"perl-suid", reference:"5.10.1-17squeeze4")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:deb_report_get());
      else security_hole(0);
      exit(0);
    }
    else audit(AUDIT_HOST_NOT, "affected");

NASL family: Oracle Linux Local Security Checks
NASL id: ORACLELINUX_ELSA-2013-0685.NASL
description: From Red Hat Security Advisory 2013:0685 : Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl
last seen: 2020-03-31
modified: 2013-07-12
plugin id: 68797
published: 2013-07-12
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/68797
title: Oracle Linux 5 / 6 : perl (ELSA-2013-0685)
code:

    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Red Hat Security Advisory RHSA-2013:0685 and
    # Oracle Linux Security Advisory ELSA-2013-0685 respectively.
    #

    include("compat.inc");

    if (description)
    {
      script_id(68797);
      script_version("1.20");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/30");

      script_cve_id("CVE-2012-5195", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1667");
      script_bugtraq_id(56287, 56562, 56950, 58311);
      script_xref(name:"RHSA", value:"2013:0685");

      script_name(english:"Oracle Linux 5 / 6 : perl (ELSA-2013-0685)");
      script_summary(english:"Checks rpm output for the updated packages");

      script_set_attribute(
        attribute:"synopsis",
        value:"The remote Oracle Linux host is missing one or more security updates."
      );
      script_set_attribute(
        attribute:"description",
        value:
    "From Red Hat Security Advisory 2013:0685 : Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption. (CVE-2013-1667) It was found that the Perl CGI module, used to handle Common Gateway Interface requests and responses, incorrectly sanitized the values for Set-Cookie and P3P headers. If a Perl application using the CGI module reused cookies values and accepted untrusted input from web browsers, a remote attacker could use this flaw to alter member items of the cookie or add new items. (CVE-2012-5526) It was found that the Perl Locale::Maketext module, used to localize Perl applications, did not properly handle backslashes or fully-qualified method names. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl application that uses untrusted Locale::Maketext templates. (CVE-2012-6329) Red Hat would like to thank the Perl project for reporting CVE-2012-5195 and CVE-2013-1667. Upstream acknowledges Tim Brown as the original reporter of CVE-2012-5195 and Yves Orton as the original reporter of CVE-2013-1667. All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-March/003388.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://oss.oracle.com/pipermail/el-errata/2013-March/003389.html"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected perl packages.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
      script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"true");
      script_set_attribute(attribute:"d2_elliot_name", value:"Foswiki 1.1.5 RCE");
      script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true");
      script_set_attribute(attribute:"metasploit_name", value:'TWiki MAKETEXT Remote Command Execution');
      script_set_attribute(attribute:"exploit_framework_metasploit", value:"true");

      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Archive-Extract");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Archive-Tar");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-CGI");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-CPAN");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-CPANPLUS");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Compress-Raw-Bzip2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Compress-Raw-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Compress-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Digest-SHA");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-ExtUtils-CBuilder");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-ExtUtils-Embed");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-ExtUtils-MakeMaker");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-ExtUtils-ParseXS");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-File-Fetch");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IO-Compress-Base");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IO-Compress-Bzip2");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IO-Compress-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IO-Zlib");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IPC-Cmd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Locale-Maketext-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Log-Message");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Log-Message-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Build");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-CoreList");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Load");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Load-Conditional");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Loaded");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Pluggable");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Object-Accessor");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Package-Constants");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Params-Check");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Parse-CPAN-Meta");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Pod-Escapes");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Pod-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Term-UI");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Test-Harness");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Test-Simple");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Time-HiRes");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Time-Piece");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-core");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-libs");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-parent");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-suidperl");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-version");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6");

      script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();

      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Oracle Linux Local Security Checks");

      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list");

      exit(0);
    }

    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");

    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux");
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux");
    os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux");
    os_ver = os_ver[1];
    if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver);

    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu);

    flag = 0;
    if (rpm_check(release:"EL5", reference:"perl-5.8.8-40.el5_9")) flag++;
    if (rpm_check(release:"EL5", reference:"perl-suidperl-5.8.8-40.el5_9")) flag++;

    if (rpm_check(release:"EL6", reference:"perl-5.10.1-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Archive-Extract-0.38-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Archive-Tar-1.58-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-CGI-3.51-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-CPAN-1.9402-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-CPANPLUS-0.88-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Compress-Raw-Bzip2-2.020-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Compress-Raw-Zlib-2.020-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Compress-Zlib-2.020-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Digest-SHA-5.47-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-ExtUtils-CBuilder-0.27-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-ExtUtils-Embed-1.28-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-ExtUtils-MakeMaker-6.55-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-ExtUtils-ParseXS-2.2003.0-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-File-Fetch-0.26-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-IO-Compress-Base-2.020-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-IO-Compress-Bzip2-2.020-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-IO-Compress-Zlib-2.020-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-IO-Zlib-1.09-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-IPC-Cmd-0.56-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Locale-Maketext-Simple-0.18-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Log-Message-0.02-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Log-Message-Simple-0.04-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Module-Build-0.3500-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Module-CoreList-2.18-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Module-Load-0.16-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Module-Load-Conditional-0.30-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Module-Loaded-0.02-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Module-Pluggable-3.90-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Object-Accessor-0.34-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Package-Constants-0.02-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Params-Check-0.26-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Parse-CPAN-Meta-1.40-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Pod-Escapes-1.04-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Pod-Simple-3.13-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Term-UI-0.20-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Test-Harness-3.17-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Test-Simple-0.92-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Time-HiRes-1.9721-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-Time-Piece-1.15-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-core-5.10.1-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-devel-5.10.1-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-libs-5.10.1-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-parent-0.221-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-suidperl-5.10.1-130.el6_4")) flag++;
    if (rpm_check(release:"EL6", reference:"perl-version-0.77-130.el6_4")) flag++;

    if (flag)
    {
      if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get());
      else security_hole(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-Archive-Extract / perl-Archive-Tar / perl-CGI / etc");
    }

NASL family: Solaris Local Security Checks
NASL id: SOLARIS11_PERL-512_20131017.NASL
description: The remote Solaris system is missing necessary patches to address security updates : - Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 80727
published: 2015-01-19
reporter: This script is Copyright (C) 2015-2018 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/80727
title: Oracle Solaris Third-Party Patch Update : perl-512 (cve_2012_5195_heap_buffer)

NASL family: Amazon Linux Local Security Checks
NASL id: ALA_ALAS-2013-177.NASL
description: A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 69736
published: 2013-09-04
reporter: This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/69736
title: Amazon Linux AMI : perl (ALAS-2013-177)

NASL family: OracleVM Local Security Checks
NASL id: ORACLEVM_OVMSA-2016-0076.NASL
description: The remote OracleVM system is missing necessary patches to address critical security updates : - Do not extend allowable epoch values in Time::Local::timelocal to remove useless warning on 64-bit platforms (Resolves: rhbz#1149375) - Fix perl segfaults with custom signal handle (Resolves: rhbz#991854) - Reorder AnyDBM_File back-end preference (Resolves: rhbz#1018721) - Fix backslash interpolation in Locale::Maketext (Resolves: rhbz#1029016) - Enable year 2038 for Time::Local on 64-bit platforms (Resolves: rhbz#1057047) - 800340 - strftime memory leak perl bug (RT#73520) - Resolves: rhbz#800340 - Fix CVE-2012-5195 heap buffer overrun at repeatcpy (Resolves: rhbz#915691) - Fix CVE-2012-5526 newline injection due to improper CRLF escaping in Set-Cookie and P3P headers (Resolves: rhbz#915691) - Fix CVE-2012-6329 possible arbitrary code execution via Locale::Maketext (Resolves: rhbz#915691) - Fix CVE-2013-1667 DoS in rehashing code (Resolves: rhbz#915691) - 848156 - Reverts code of perl-5.8.8-U32019.patch - Resolves: rhbz#848156
last seen: 2020-03-31
modified: 2016-06-22
plugin id: 91752
published: 2016-06-22
reporter: This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/91752
title: OracleVM 3.2 : perl (OVMSA-2016-0076)

NASL family: Mandriva Local Security Checks
NASL id: MANDRIVA_MDVSA-2012-180.NASL
description: A vulnerability was discovered and corrected in perl-CGI : CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm (CVE-2012-5526). The updated packages have been patched to correct this issue.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 63284
published: 2012-12-18
reporter: This script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/63284
title: Mandriva Linux Security Advisory : perl-CGI (MDVSA-2012:180)

NASL family: Red Hat Local Security Checks
NASL id: REDHAT-RHSA-2013-0746.NASL
description: An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796) A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797) A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798) An integer overflow flaw was discovered in one of pixman
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 78955
published: 2014-11-08
reporter: This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/78955
title: RHEL 6 : rhev-hypervisor6 (RHSA-2013:0746)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2012-19125.NASL
description: Fix CVE-2012-5526 (escape new-lines in Set-Cookie and P3P HTTP response headers properly) in CGI-3.59. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2012-12-12
plugin id: 63235
published: 2012-12-12
reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/63235
title: Fedora 18 : perl-5.16.2-235.fc18 / perl-CGI-3.59-235.fc18 (2012-19125)

NASL family: F5 Networks Local Security Checks
NASL id: F5_BIGIP_SOL15867.NASL
description: CVE-2012-5195 Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the
last seen: 2020-03-30
modified: 2015-09-16
plugin id: 85945
published: 2015-09-16
reporter: This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/85945
title: F5 Networks BIG-IP : Perl vulnerabilities (K15867)

NASL family: Debian Local Security Checks
NASL id: DEBIAN_DSA-2587.NASL
description: It was discovered that the CGI module for Perl does not filter LF characters in the Set-Cookie and P3P headers, potentially allowing attackers to inject HTTP headers.
last seen: 2020-03-17
modified: 2012-12-17
plugin id: 63271
published: 2012-12-17
reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/63271
title: Debian DSA-2587-1 : libcgi-pm-perl - HTTP header injection

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2012-19282.NASL
description: Fix CVE-2012-5526 (escape new-lines in Set-Cookie and P3P HTTP response headers properly) in CGI-3.52. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2012-12-13
plugin id: 63248
published: 2012-12-13
reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/63248
title: Fedora 17 : perl-5.14.3-218.fc17 / perl-CGI-3.52-218.fc17 (2012-19282)

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2012-18362.NASL
description: Fix CVE-2012-5526 (escape new-lines in Set-Cookie and P3P HTTP response headers properly). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-03-17
modified: 2012-11-26
plugin id: 63043
published: 2012-11-26
reporter: This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source: https://www.tenable.com/plugins/nessus/63043
title: Fedora 18 : perl-CGI-3.51-10.fc18 (2012-18362)

NASL family: CentOS Local Security Checks
NASL id: CENTOS_RHSA-2013-0685.NASL
description: Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl
last seen: 2020-03-30
modified: 2013-03-27
plugin id: 65694
published: 2013-03-27
reporter: This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
source https://www.tenable.com/plugins/nessus/65694 title CentOS 5 / 6 : perl (CESA-2013:0685) NASL family SuSE Local Security Checks NASL id SUSE_11_PERL-130301.NASL description This update of Perl 5 fixes the following security issues : - fix rehash DoS [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - fix glob denial of service [bnc#796014] [CVE-2011-2728] - sanitize input in Maketext.pm [bnc#797060] [CVE-2012-6329] last seen 2020-06-05 modified 2013-03-13 plugin id 65247 published 2013-03-13 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65247 title SuSE 11.2 Security Update : Perl (SAT Patch Number 7439) NASL family Fedora Local Security Checks NASL id FEDORA_2012-18318.NASL description Fix CVE-2012-5526 (escape new-lines in Set-Cookie and P3P HTTP response headers properly). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2012-11-29 plugin id 63081 published 2012-11-29 reporter This script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63081 title Fedora 17 : perl-CGI-3.51-7.fc17 (2012-18318) NASL family Scientific Linux Local Security Checks NASL id SL_20130326_PERL_ON_SL5_X.NASL description A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. 
(CVE-2012-5195) A denial of service flaw was found in the way Perl last seen 2020-03-18 modified 2013-03-28 plugin id 65715 published 2013-03-28 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65715 title Scientific Linux Security Update : perl on SL5.x, SL6.x i386/x86_64 (20130326) NASL family Solaris Local Security Checks NASL id SOLARIS11_PERL-58_20131015.NASL description The remote Solaris system is missing necessary patches to address security updates : - Race condition in the rmtree function in the File::Path module in Perl 5.6.1 and 5.8.4 sets read/write permissions for the world, which allows local users to delete arbitrary files and directories, and possibly read files and directories, via a symlink attack. (CVE-2004-0452) - Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree. (CVE-2005-0156) - Race condition in the rmtree function in File::Path.pm in Perl before 5.8.4 allows local users to create arbitrary setuid binaries in the tree being deleted, a different vulnerability than CVE-2004-0452. (CVE-2005-0448) - Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build directory, which is part of the RUNPATH. (CVE-2005-4278) - Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular expression against a long string. 
(CVE-2010-1158) - Off-by-one error in the decode_xs function in Unicode/Unicode.xs in the Encode module before 2.44, as used in Perl before 5.15.6, might allow context-dependent attackers to cause a denial of service (memory corruption) via a crafted Unicode string, which triggers a heap-based buffer overflow. (CVE-2011-2939) - CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. (CVE-2012-5526) last seen 2020-06-01 modified 2020-06-02 plugin id 80731 published 2015-01-19 reporter This script is Copyright (C) 2015-2019 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80731 title Oracle Solaris Third-Party Patch Update : perl-58 (cve_2012_5526_configuration_vulnerability1) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-225.NASL description Perl was updated to fix 3 security issues : - fix rehash denial of service (compute time) [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - sanitize input in Maketext.pm to avoid code injection [bnc#797060] [CVE-2012-6329] In openSUSE 12.1 also the following non-security bug was fixed : - fix IPC::Open3 bug when last seen 2020-06-05 modified 2014-06-13 plugin id 74932 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74932 title openSUSE Security Update : perl (openSUSE-SU-2013:0497-1) NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1643-1.NASL description It was discovered that the decode_xs function in the Encode module is vulnerable to a heap-based buffer overflow via a crafted Unicode string. An attacker could use this overflow to cause a denial of service. 
(CVE-2011-2939) It was discovered that the last seen 2020-06-01 modified 2020-06-02 plugin id 63109 published 2012-11-30 reporter Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/63109 title Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : perl vulnerabilities (USN-1643-1) NASL family SuSE Local Security Checks NASL id SUSE_PERL-8479.NASL description This update of Perl 5 fixes the following security issues : - fix rehash DoS [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - fix glob denial of service [bnc#796014] [CVE-2011-2728] - sanitize input in Maketext.pm [bnc#797060] [CVE-2012-6329] - make getgrent work with long group entries [bnc#788388] last seen 2020-06-05 modified 2013-03-13 plugin id 65249 published 2013-03-13 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65249 title SuSE 10 Security Update : Perl (ZYPP Patch Number 8479) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0685.NASL description Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. 
(CVE-2012-5195) A denial of service flaw was found in the way Perl last seen 2020-03-31 modified 2013-03-27 plugin id 65698 published 2013-03-27 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65698 title RHEL 5 / 6 : perl (RHSA-2013:0685)
References
- http://cpansearch.perl.org/src/MARKSTOS/CGI.pm-3.63/Changes
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://secunia.com/advisories/51457
- http://secunia.com/advisories/55314
- http://www.debian.org/security/2012/dsa-2586
- http://www.openwall.com/lists/oss-security/2012/11/15/6
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/56562
- http://www.securitytracker.com/id?1027780
- http://www.ubuntu.com/usn/USN-1643-1
- https://exchange.xforce.ibmcloud.com/vulnerabilities/80098
- https://github.com/markstos/CGI.pm/pull/23