Vulnerabilities > CVE-2013-1667 - Resource Management Errors vulnerability in Perl
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Nessus
NASL family Oracle Linux Local Security Checks NASL id ORACLELINUX_ELSA-2013-0685.NASL description From Red Hat Security Advisory 2013:0685 : Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl last seen 2020-03-31 modified 2013-07-12 plugin id 68797 published 2013-07-12 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/68797 title Oracle Linux 5 / 6 : perl (ELSA-2013-0685) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0685 and # Oracle Linux Security Advisory ELSA-2013-0685 respectively. # include("compat.inc"); if (description) { script_id(68797); script_version("1.20"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/30"); script_cve_id("CVE-2012-5195", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1667"); script_bugtraq_id(56287, 56562, 56950, 58311); script_xref(name:"RHSA", value:"2013:0685"); script_name(english:"Oracle Linux 5 / 6 : perl (ELSA-2013-0685)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Oracle Linux host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "From Red Hat Security Advisory 2013:0685 : Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption. (CVE-2013-1667) It was found that the Perl CGI module, used to handle Common Gateway Interface requests and responses, incorrectly sanitized the values for Set-Cookie and P3P headers. If a Perl application using the CGI module reused cookies values and accepted untrusted input from web browsers, a remote attacker could use this flaw to alter member items of the cookie or add new items. (CVE-2012-5526) It was found that the Perl Locale::Maketext module, used to localize Perl applications, did not properly handle backslashes or fully-qualified method names. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl application that uses untrusted Locale::Maketext templates. (CVE-2012-6329) Red Hat would like to thank the Perl project for reporting CVE-2012-5195 and CVE-2013-1667. Upstream acknowledges Tim Brown as the original reporter of CVE-2012-5195 and Yves Orton as the original reporter of CVE-2013-1667. All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect." ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2013-March/003388.html" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/el-errata/2013-March/003389.html" ); script_set_attribute(attribute:"solution", value:"Update the affected perl packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"Foswiki 1.1.5 RCE"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'TWiki MAKETEXT Remote Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Archive-Extract"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Archive-Tar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-CGI"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-CPAN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-CPANPLUS"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Compress-Raw-Bzip2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Compress-Raw-Zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Compress-Zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Digest-SHA"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-ExtUtils-CBuilder"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-ExtUtils-Embed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-ExtUtils-MakeMaker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-ExtUtils-ParseXS"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-File-Fetch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IO-Compress-Base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IO-Compress-Bzip2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IO-Compress-Zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IO-Zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-IPC-Cmd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Locale-Maketext-Simple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Log-Message"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Log-Message-Simple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Build"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-CoreList"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Load"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Load-Conditional"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Loaded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Module-Pluggable"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Object-Accessor"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Package-Constants"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Params-Check"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Parse-CPAN-Meta"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Pod-Escapes"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Pod-Simple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Term-UI"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Test-Harness"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Test-Simple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Time-HiRes"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-Time-Piece"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-parent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-suidperl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:linux:perl-version"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/27"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/07/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Oracle Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleLinux", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/OracleLinux")) audit(AUDIT_OS_NOT, "Oracle Linux"); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || !pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux)", string:release)) audit(AUDIT_OS_NOT, "Oracle Linux"); os_ver = pregmatch(pattern: "Oracle (?:Linux Server|Enterprise Linux) .*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Oracle Linux"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Oracle Linux 5 / 6", "Oracle Linux " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && "ia64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Oracle Linux", cpu); flag = 0; if (rpm_check(release:"EL5", reference:"perl-5.8.8-40.el5_9")) flag++; if (rpm_check(release:"EL5", reference:"perl-suidperl-5.8.8-40.el5_9")) flag++; if (rpm_check(release:"EL6", reference:"perl-5.10.1-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Archive-Extract-0.38-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Archive-Tar-1.58-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-CGI-3.51-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-CPAN-1.9402-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-CPANPLUS-0.88-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Compress-Raw-Bzip2-2.020-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Compress-Raw-Zlib-2.020-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Compress-Zlib-2.020-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Digest-SHA-5.47-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-ExtUtils-CBuilder-0.27-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-ExtUtils-Embed-1.28-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-ExtUtils-MakeMaker-6.55-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-ExtUtils-ParseXS-2.2003.0-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-File-Fetch-0.26-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-IO-Compress-Base-2.020-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-IO-Compress-Bzip2-2.020-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-IO-Compress-Zlib-2.020-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-IO-Zlib-1.09-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-IPC-Cmd-0.56-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Locale-Maketext-Simple-0.18-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Log-Message-0.02-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Log-Message-Simple-0.04-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Module-Build-0.3500-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Module-CoreList-2.18-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Module-Load-0.16-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Module-Load-Conditional-0.30-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Module-Loaded-0.02-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Module-Pluggable-3.90-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Object-Accessor-0.34-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Package-Constants-0.02-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Params-Check-0.26-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Parse-CPAN-Meta-1.40-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Pod-Escapes-1.04-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Pod-Simple-3.13-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Term-UI-0.20-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Test-Harness-3.17-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Test-Simple-0.92-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Time-HiRes-1.9721-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-Time-Piece-1.15-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-core-5.10.1-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-devel-5.10.1-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-libs-5.10.1-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-parent-0.221-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-suidperl-5.10.1-130.el6_4")) flag++; if (rpm_check(release:"EL6", reference:"perl-version-0.77-130.el6_4")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-Archive-Extract / perl-Archive-Tar / perl-CGI / etc"); }
NASL family Gentoo Local Security Checks NASL id GENTOO_GLSA-201401-11.NASL description The remote host is affected by the vulnerability described in GLSA-201401-11 (Perl, Locale Maketext Perl module: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Perl and Locale::Maketext Perl module. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time. last seen 2020-06-01 modified 2020-06-02 plugin id 72033 published 2014-01-20 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/72033 title GLSA-201401-11 : Perl, Locale Maketext Perl module: Multiple vulnerabilities code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Gentoo Linux Security Advisory GLSA 201401-11. # # The advisory text is Copyright (C) 2001-2019 Gentoo Foundation, Inc. # and licensed under the Creative Commons - Attribution / Share Alike # license. See http://creativecommons.org/licenses/by-sa/3.0/ # include("compat.inc"); if (description) { script_id(72033); script_version("1.9"); script_cvs_date("Date: 2019/08/12 17:35:38"); script_cve_id("CVE-2011-2728", "CVE-2011-2939", "CVE-2012-5195", "CVE-2013-1667"); script_bugtraq_id(49858, 56287, 58311); script_xref(name:"GLSA", value:"201401-11"); script_name(english:"GLSA-201401-11 : Perl, Locale Maketext Perl module: Multiple vulnerabilities"); script_summary(english:"Checks for updated package(s) in /var/db/pkg"); script_set_attribute( attribute:"synopsis", value: "The remote Gentoo host is missing one or more security-related patches." ); script_set_attribute( attribute:"description", value: "The remote host is affected by the vulnerability described in GLSA-201401-11 (Perl, Locale Maketext Perl module: Multiple vulnerabilities) Multiple vulnerabilities have been discovered in Perl and Locale::Maketext Perl module. Please review the CVE identifiers referenced below for details. Impact : A context-dependent attacker could possibly execute arbitrary code with the privileges of the process or cause a Denial of Service condition. Workaround : There is no known workaround at this time." ); script_set_attribute( attribute:"see_also", value:"https://security.gentoo.org/glsa/201401-11" ); script_set_attribute( attribute:"solution", value: "All Perl users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=dev-lang/perl-5.16.3' All Locale::Maketext users should upgrade to the latest version: # emerge --sync # emerge --ask --oneshot --verbose '>=perl-core/locale-maketext-1.230.0'" ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:locale-maketext"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:gentoo:linux:perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:gentoo:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/01/13"); script_set_attribute(attribute:"patch_publication_date", value:"2014/01/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/01/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Gentoo Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Gentoo/release", "Host/Gentoo/qpkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("qpkg.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Gentoo/release")) audit(AUDIT_OS_NOT, "Gentoo"); if (!get_kb_item("Host/Gentoo/qpkg-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (qpkg_check(package:"dev-lang/perl", unaffected:make_list("ge 5.16.3"), vulnerable:make_list("lt 5.16.3"))) flag++; if (qpkg_check(package:"perl-core/locale-maketext", unaffected:make_list("ge 1.230.0"), vulnerable:make_list("lt 1.230.0"))) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:qpkg_report_get()); else security_hole(0); exit(0); } else { tested = qpkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "Perl / Locale Maketext Perl module"); }
NASL family Amazon Linux Local Security Checks NASL id ALA_ALAS-2013-177.NASL description A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl last seen 2020-06-01 modified 2020-06-02 plugin id 69736 published 2013-09-04 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/69736 title Amazon Linux AMI : perl (ALAS-2013-177) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Amazon Linux AMI Security Advisory ALAS-2013-177. # include("compat.inc"); if (description) { script_id(69736); script_version("1.9"); script_cvs_date("Date: 2019/02/07 9:34:55"); script_cve_id("CVE-2012-5195", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1667"); script_xref(name:"ALAS", value:"2013-177"); script_xref(name:"RHSA", value:"2013:0685"); script_name(english:"Amazon Linux AMI : perl (ALAS-2013-177)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote Amazon Linux AMI host is missing a security update." ); script_set_attribute( attribute:"description", value: "A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption. (CVE-2013-1667) It was found that the Perl CGI module, used to handle Common Gateway Interface requests and responses, incorrectly sanitized the values for Set-Cookie and P3P headers. If a Perl application using the CGI module reused cookies values and accepted untrusted input from web browsers, a remote attacker could use this flaw to alter member items of the cookie or add new items. (CVE-2012-5526) It was found that the Perl Locale::Maketext module, used to localize Perl applications, did not properly handle backslashes or fully-qualified method names. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl application that uses untrusted Locale::Maketext templates. (CVE-2012-6329)" ); script_set_attribute( attribute:"see_also", value:"https://alas.aws.amazon.com/ALAS-2013-177.html" ); script_set_attribute( attribute:"solution", value:"Run 'yum update perl' to update your system." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"TWiki 5.1.2 RCE"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'TWiki MAKETEXT Remote Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Archive-Extract"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Archive-Tar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-CGI"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-CPAN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-CPANPLUS"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Compress-Raw-Bzip2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Compress-Raw-Zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Compress-Zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Digest-SHA"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-ExtUtils-CBuilder"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-ExtUtils-Embed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-ExtUtils-MakeMaker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-ExtUtils-ParseXS"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-File-Fetch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-IO-Compress-Base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-IO-Compress-Bzip2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-IO-Compress-Zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-IO-Zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-IPC-Cmd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Locale-Maketext-Simple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Log-Message"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Log-Message-Simple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Module-Build"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Module-CoreList"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Module-Load"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Module-Load-Conditional"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Module-Loaded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Module-Pluggable"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Object-Accessor"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Package-Constants"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Params-Check"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Parse-CPAN-Meta"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Pod-Escapes"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Pod-Simple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Term-UI"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Test-Harness"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Test-Simple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Time-HiRes"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-Time-Piece"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-debuginfo"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-parent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-suidperl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:amazon:linux:perl-version"); script_set_attribute(attribute:"cpe", value:"cpe:/o:amazon:linux"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21"); script_set_attribute(attribute:"patch_publication_date", value:"2014/09/15"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/09/04"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Amazon Linux Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/AmazonLinux/release", "Host/AmazonLinux/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/AmazonLinux/release"); if (isnull(release) || !strlen(release)) audit(AUDIT_OS_NOT, "Amazon Linux"); os_ver = pregmatch(pattern: "^AL(A|\d)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Amazon Linux"); os_ver = os_ver[1]; if (os_ver != "A") { if (os_ver == 'A') os_ver = 'AMI'; audit(AUDIT_OS_NOT, "Amazon Linux AMI", "Amazon Linux " + os_ver); } if (!get_kb_item("Host/AmazonLinux/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (rpm_check(release:"ALA", reference:"perl-5.10.1-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Archive-Extract-0.38-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Archive-Tar-1.58-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-CGI-3.51-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-CPAN-1.9402-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-CPANPLUS-0.88-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Compress-Raw-Bzip2-2.020-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Compress-Raw-Zlib-2.023-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Compress-Zlib-2.020-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Digest-SHA-5.47-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-ExtUtils-CBuilder-0.27-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-ExtUtils-Embed-1.28-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-ExtUtils-MakeMaker-6.55-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-ExtUtils-ParseXS-2.2003.0-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-File-Fetch-0.26-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-IO-Compress-Base-2.020-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-IO-Compress-Bzip2-2.020-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-IO-Compress-Zlib-2.020-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-IO-Zlib-1.09-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-IPC-Cmd-0.56-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Locale-Maketext-Simple-0.18-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Log-Message-0.02-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Log-Message-Simple-0.04-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Module-Build-0.3500-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Module-CoreList-2.18-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Module-Load-0.16-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Module-Load-Conditional-0.30-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Module-Loaded-0.02-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Module-Pluggable-3.90-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Object-Accessor-0.34-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Package-Constants-0.02-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Params-Check-0.26-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Parse-CPAN-Meta-1.40-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Pod-Escapes-1.04-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Pod-Simple-3.13-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Term-UI-0.20-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Test-Harness-3.17-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Test-Simple-0.92-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Time-HiRes-1.9721-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-Time-Piece-1.15-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-core-5.10.1-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-debuginfo-5.10.1-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-devel-5.10.1-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-libs-5.10.1-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-parent-0.221-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-suidperl-5.10.1-130.17.amzn1")) flag++; if (rpm_check(release:"ALA", reference:"perl-version-0.77-130.17.amzn1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-Archive-Extract / perl-Archive-Tar / perl-CGI / etc"); }
NASL family Solaris Local Security Checks NASL id SOLARIS11_PERL-58_20130521.NASL description The remote Solaris system is missing necessary patches to address security updates : - The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. (CVE-2013-1667) last seen 2020-06-01 modified 2020-06-02 plugin id 80729 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80729 title Oracle Solaris Third-Party Patch Update : perl-58 (cve_2013_1667_denial_of) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80729); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2013-1667"); script_name(english:"Oracle Solaris Third-Party Patch Update : perl-58 (cve_2013_1667_denial_of)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. (CVE-2013-1667)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); script_set_attribute( attribute:"see_also", value:"https://blogs.oracle.com/sunsecurity/cve-2013-1667-denial-of-service-dos-vulnerability-in-perl-58" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.7.5.0."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:perl-58"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^perl-58$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-58"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.1.7.0.5.0", sru:"SRU 11.1.7.5.0") > 0) flag++; if (flag) { error_extra = 'Affected package : perl-58\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_hole(port:0, extra:error_extra); else security_hole(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "perl-58");
NASL family Slackware Local Security Checks NASL id SLACKWARE_SSA_2013-072-01.NASL description New perl packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue. last seen 2020-06-01 modified 2020-06-02 plugin id 65552 published 2013-03-15 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65552 title Slackware 13.1 / 13.37 / 14.0 / current : perl (SSA:2013-072-01) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Slackware Security Advisory 2013-072-01. The text # itself is copyright (C) Slackware Linux, Inc. # include("compat.inc"); if (description) { script_id(65552); script_version("1.8"); script_cvs_date("Date: 2019/01/02 16:37:55"); script_cve_id("CVE-2013-1667"); script_bugtraq_id(58311); script_xref(name:"SSA", value:"2013-072-01"); script_name(english:"Slackware 13.1 / 13.37 / 14.0 / current : perl (SSA:2013-072-01)"); script_summary(english:"Checks for updated package in /var/log/packages"); script_set_attribute( attribute:"synopsis", value:"The remote Slackware host is missing a security update." ); script_set_attribute( attribute:"description", value: "New perl packages are available for Slackware 13.1, 13.37, 14.0, and -current to fix a security issue." ); # http://www.slackware.com/security/viewer.php?l=slackware-security&y=2013&m=slackware-security.424686 script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?97db9877" ); script_set_attribute(attribute:"solution", value:"Update the affected perl package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:slackware:slackware_linux:perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.1"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:13.37"); script_set_attribute(attribute:"cpe", value:"cpe:/o:slackware:slackware_linux:14.0"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/14"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/15"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Slackware Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Slackware/release", "Host/Slackware/packages"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("slackware.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/Slackware/release")) audit(AUDIT_OS_NOT, "Slackware"); if (!get_kb_item("Host/Slackware/packages")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Slackware", cpu); flag = 0; if (slackware_check(osver:"13.1", pkgname:"perl", pkgver:"5.10.1", pkgarch:"i486", pkgnum:"2_slack13.1")) flag++; if (slackware_check(osver:"13.1", arch:"x86_64", pkgname:"perl", pkgver:"5.10.1", pkgarch:"x86_64", pkgnum:"2_slack13.1")) flag++; if (slackware_check(osver:"13.37", pkgname:"perl", pkgver:"5.12.3", pkgarch:"i486", pkgnum:"2_slack13.37")) flag++; if (slackware_check(osver:"13.37", arch:"x86_64", pkgname:"perl", pkgver:"5.12.3", pkgarch:"x86_64", pkgnum:"2_slack13.37")) flag++; if (slackware_check(osver:"14.0", pkgname:"perl", pkgver:"5.16.3", pkgarch:"i486", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"14.0", arch:"x86_64", pkgname:"perl", pkgver:"5.16.3", pkgarch:"x86_64", pkgnum:"1_slack14.0")) flag++; if (slackware_check(osver:"current", pkgname:"perl", pkgver:"5.16.3", pkgarch:"i486", pkgnum:"1")) flag++; if (slackware_check(osver:"current", arch:"x86_64", pkgname:"perl", pkgver:"5.16.3", pkgarch:"x86_64", pkgnum:"1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:slackware_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2013-3436.NASL description Fix CVE-2013-1667 (DoS in rehashing code). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-03-22 plugin id 65647 published 2013-03-22 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65647 title Fedora 18 : perl-5.16.2-240.fc18 (2013-3436) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-3436. # include("compat.inc"); if (description) { script_id(65647); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-1667"); script_bugtraq_id(58311); script_xref(name:"FEDORA", value:"2013-3436"); script_name(english:"Fedora 18 : perl-5.16.2-240.fc18 (2013-3436)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Fix CVE-2013-1667 (DoS in rehashing code). Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=912276" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-March/100853.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?e2c59b1a" ); script_set_attribute(attribute:"solution", value:"Update the affected perl package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:18"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/05"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/22"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^18([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 18.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC18", reference:"perl-5.16.2-240.fc18")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl"); }
NASL family Solaris Local Security Checks NASL id SOLARIS11_PERL-512_20130521.NASL description The remote Solaris system is missing necessary patches to address security updates : - The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. (CVE-2013-1667) last seen 2020-06-01 modified 2020-06-02 plugin id 80726 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80726 title Oracle Solaris Third-Party Patch Update : perl-512 (cve_2013_1667_denial_of1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the Oracle Third Party software advisories. # include("compat.inc"); if (description) { script_id(80726); script_version("1.2"); script_cvs_date("Date: 2018/11/15 20:50:24"); script_cve_id("CVE-2013-1667"); script_name(english:"Oracle Solaris Third-Party Patch Update : perl-512 (cve_2013_1667_denial_of1)"); script_summary(english:"Check for the 'entire' version."); script_set_attribute( attribute:"synopsis", value: "The remote Solaris system is missing a security patch for third-party software." ); script_set_attribute( attribute:"description", value: "The remote Solaris system is missing necessary patches to address security updates : - The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. (CVE-2013-1667)" ); # https://www.oracle.com/technetwork/topics/security/thirdparty-patch-map-1482893.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?4a913f44" ); script_set_attribute( attribute:"see_also", value:"https://blogs.oracle.com/sunsecurity/cve-2013-1667-denial-of-service-dos-vulnerability-in-perl-512" ); script_set_attribute(attribute:"solution", value:"Upgrade to Solaris 11.1.7.5.0."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:solaris:11.1"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:solaris:perl-512"); script_set_attribute(attribute:"patch_publication_date", value:"2013/05/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/01/19"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2018 Tenable Network Security, Inc."); script_family(english:"Solaris Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/Solaris11/release", "Host/Solaris11/pkg-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("solaris.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Solaris11/release"); if (isnull(release)) audit(AUDIT_OS_NOT, "Solaris11"); pkg_list = solaris_pkg_list_leaves(); if (isnull (pkg_list)) audit(AUDIT_PACKAGE_LIST_MISSING, "Solaris pkg-list packages"); if (empty_or_null(egrep(string:pkg_list, pattern:"^perl-512$"))) audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl-512"); flag = 0; if (solaris_check_release(release:"0.5.11-0.175.1.7.0.5.0", sru:"SRU 11.1.7.5.0") > 0) flag++; if (flag) { error_extra = 'Affected package : perl-512\n' + solaris_get_report2(); error_extra = ereg_replace(pattern:"version", replace:"OS version", string:error_extra); if (report_verbosity > 0) security_hole(port:0, extra:error_extra); else security_hole(0); exit(0); } else audit(AUDIT_PACKAGE_NOT_AFFECTED, "perl-512");
NASL family OracleVM Local Security Checks NASL id ORACLEVM_OVMSA-2016-0076.NASL description The remote OracleVM system is missing necessary patches to address critical security updates : - Do not extend allowable epoch values in Time::Local::timelocal to remove useless warning on 64-bit platforms (Resolves: rhbz#1149375) - Fix perl segfaults with custom signal handle (Resolves: rhbz#991854) - Reorder AnyDBM_File back-end preference (Resolves: rhbz#1018721) - Fix backslash interpolation in Locale::Maketext (Resolves: rhbz#1029016) - Enable year 2038 for Time::Local on 64-bit platforms (Resolves: rhbz#1057047) - 800340 - strftime memory leak perl bug (RT#73520) - Resolves: rhbz#800340 - Fix CVE-2012-5195 heap buffer overrun at repeatcpy (Resolves: rhbz#915691) - Fix CVE-2012-5526 newline injection due to improper CRLF escaping in Set-Cookie and P3P headers (Resolves: rhbz#915691) - Fix CVE-2012-6329 possible arbitrary code execution via Locale::Maketext (Resolves: rhbz#915691) - Fix CVE-2013-1667 DoS in rehashing code (Resolves: rhbz#915691) - 848156 - Reverts code of perl-5.8.8-U32019.patch - Resolves: rhbz#848156 last seen 2020-03-31 modified 2016-06-22 plugin id 91752 published 2016-06-22 reporter This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/91752 title OracleVM 3.2 : perl (OVMSA-2016-0076) code # # (C) Tenable Network Security, Inc. # # The package checks in this plugin were extracted from OracleVM # Security Advisory OVMSA-2016-0076. # include("compat.inc"); if (description) { script_id(91752); script_version("2.13"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/30"); script_cve_id("CVE-2012-5195", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1667"); script_bugtraq_id(56287, 56562, 56950, 58311); script_name(english:"OracleVM 3.2 : perl (OVMSA-2016-0076)"); script_summary(english:"Checks the RPM output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote OracleVM host is missing a security update." ); script_set_attribute( attribute:"description", value: "The remote OracleVM system is missing necessary patches to address critical security updates : - Do not extend allowable epoch values in Time::Local::timelocal to remove useless warning on 64-bit platforms (Resolves: rhbz#1149375) - Fix perl segfaults with custom signal handle (Resolves: rhbz#991854) - Reorder AnyDBM_File back-end preference (Resolves: rhbz#1018721) - Fix backslash interpolation in Locale::Maketext (Resolves: rhbz#1029016) - Enable year 2038 for Time::Local on 64-bit platforms (Resolves: rhbz#1057047) - 800340 - strftime memory leak perl bug (RT#73520) - Resolves: rhbz#800340 - Fix CVE-2012-5195 heap buffer overrun at repeatcpy (Resolves: rhbz#915691) - Fix CVE-2012-5526 newline injection due to improper CRLF escaping in Set-Cookie and P3P headers (Resolves: rhbz#915691) - Fix CVE-2012-6329 possible arbitrary code execution via Locale::Maketext (Resolves: rhbz#915691) - Fix CVE-2013-1667 DoS in rehashing code (Resolves: rhbz#915691) - 848156 - Reverts code of perl-5.8.8-U32019.patch - Resolves: rhbz#848156" ); script_set_attribute( attribute:"see_also", value:"https://oss.oracle.com/pipermail/oraclevm-errata/2016-June/000491.html" ); script_set_attribute(attribute:"solution", value:"Update the affected perl package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"Foswiki 1.1.5 RCE"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'TWiki MAKETEXT Remote Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:oracle:vm:perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:oracle:vm_server:3.2"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21"); script_set_attribute(attribute:"patch_publication_date", value:"2016/06/21"); script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/22"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2016-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"OracleVM Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/OracleVM/release", "Host/OracleVM/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/OracleVM/release"); if (isnull(release) || "OVS" >!< release) audit(AUDIT_OS_NOT, "OracleVM"); if (! preg(pattern:"^OVS" + "3\.2" + "(\.[0-9]|$)", string:release)) audit(AUDIT_OS_NOT, "OracleVM 3.2", "OracleVM " + release); if (!get_kb_item("Host/OracleVM/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "OracleVM", cpu); if ("x86_64" >!< cpu) audit(AUDIT_ARCH_NOT, "x86_64", cpu); flag = 0; if (rpm_check(release:"OVS3.2", reference:"perl-5.8.8-43.el5_11")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl"); }
NASL family Ubuntu Local Security Checks NASL id UBUNTU_USN-1770-1.NASL description Yves Orton discovered that Perl incorrectly handled hashing when using user-provided hash keys. An attacker could use this flaw to perform a denial of service attack against software written in Perl. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-06-01 modified 2020-06-02 plugin id 65629 published 2013-03-20 reporter Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65629 title Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : perl vulnerability (USN-1770-1) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Ubuntu Security Notice USN-1770-1. The text # itself is copyright (C) Canonical, Inc. See # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered # trademark of Canonical, Inc. # include("compat.inc"); if (description) { script_id(65629); script_version("1.10"); script_cvs_date("Date: 2019/09/19 12:54:29"); script_cve_id("CVE-2013-1667"); script_bugtraq_id(58311); script_xref(name:"USN", value:"1770-1"); script_name(english:"Ubuntu 8.04 LTS / 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : perl vulnerability (USN-1770-1)"); script_summary(english:"Checks dpkg output for updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Ubuntu host is missing a security-related patch." ); script_set_attribute( attribute:"description", value: "Yves Orton discovered that Perl incorrectly handled hashing when using user-provided hash keys. An attacker could use this flaw to perform a denial of service attack against software written in Perl. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://usn.ubuntu.com/1770-1/" ); script_set_attribute(attribute:"solution", value:"Update the affected perl package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.04:-:lts"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:12.10"); script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:8.04:-:lts"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/13"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/19"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/20"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"Ubuntu Security Notice (C) 2013-2019 Canonical, Inc. / NASL script (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Ubuntu Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l"); exit(0); } include("audit.inc"); include("ubuntu.inc"); include("misc_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/Ubuntu/release"); if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu"); release = chomp(release); if (! preg(pattern:"^(8\.04|10\.04|11\.10|12\.04|12\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 8.04 / 10.04 / 11.10 / 12.04 / 12.10", "Ubuntu " + release); if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu); flag = 0; if (ubuntu_check(osver:"8.04", pkgname:"perl", pkgver:"5.8.8-12ubuntu0.8")) flag++; if (ubuntu_check(osver:"10.04", pkgname:"perl", pkgver:"5.10.1-8ubuntu2.3")) flag++; if (ubuntu_check(osver:"11.10", pkgname:"perl", pkgver:"5.12.4-4ubuntu0.2")) flag++; if (ubuntu_check(osver:"12.04", pkgname:"perl", pkgver:"5.14.2-6ubuntu2.3")) flag++; if (ubuntu_check(osver:"12.10", pkgname:"perl", pkgver:"5.14.2-13ubuntu0.2")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : ubuntu_report_get() ); exit(0); } else { tested = ubuntu_pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl"); }
NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0746.NASL description An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796) A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797) A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798) An integer overflow flaw was discovered in one of pixman last seen 2020-06-01 modified 2020-06-02 plugin id 78955 published 2014-11-08 reporter This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/78955 title RHEL 6 : rhev-hypervisor6 (RHSA-2013:0746) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0746. The text # itself is copyright (C) Red Hat, Inc. # include("compat.inc"); if (description) { script_id(78955); script_version("1.11"); script_cvs_date("Date: 2019/10/24 15:35:37"); script_cve_id("CVE-2013-1591", "CVE-2013-1796", "CVE-2013-1797", "CVE-2013-1798"); script_bugtraq_id(58193, 58604, 58605, 58607); script_xref(name:"RHSA", value:"2013:0746"); script_name(english:"RHEL 6 : rhev-hypervisor6 (RHSA-2013:0746)"); script_summary(english:"Checks the rpm output for the updated package"); script_set_attribute( attribute:"synopsis", value:"The remote Red Hat host is missing a security update." ); script_set_attribute( attribute:"description", value: "An updated rhev-hypervisor6 package that fixes several security issues and various bugs is now available. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. The rhev-hypervisor6 package provides a Red Hat Enterprise Virtualization Hypervisor ISO disk image. The Red Hat Enterprise Virtualization Hypervisor is a dedicated Kernel-based Virtual Machine (KVM) hypervisor. It includes everything necessary to run and manage virtual machines: A subset of the Red Hat Enterprise Linux operating environment and the Red Hat Enterprise Virtualization Agent. Note: Red Hat Enterprise Virtualization Hypervisor is only available for the Intel 64 and AMD64 architectures with virtualization extensions. A flaw was found in the way KVM handled guest time updates when the buffer the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) crossed a page boundary. A privileged guest user could use this flaw to crash the host or, potentially, escalate their privileges, allowing them to execute arbitrary code at the host kernel level. (CVE-2013-1796) A potential use-after-free flaw was found in the way KVM handled guest time updates when the GPA (guest physical address) the guest registered by writing to the MSR_KVM_SYSTEM_TIME machine state register (MSR) fell into a movable or removable memory region of the hosting user-space process (by default, QEMU-KVM) on the host. If that memory region is deregistered from KVM using KVM_SET_USER_MEMORY_REGION and the allocated virtual memory reused, a privileged guest user could potentially use this flaw to escalate their privileges on the host. (CVE-2013-1797) A flaw was found in the way KVM emulated IOAPIC (I/O Advanced Programmable Interrupt Controller). A missing validation check in the ioapic_read_indirect() function could allow a privileged guest user to crash the host, or read a substantial portion of host kernel memory. (CVE-2013-1798) An integer overflow flaw was discovered in one of pixman's manipulation routines. If a remote attacker could trick an application using pixman into performing a certain manipulation, it could cause the application to crash or, possibly, execute arbitrary code with the privileges of the user running the application. (CVE-2013-1591) Red Hat would like to thank Andrew Honig of Google for reporting CVE-2013-1796, CVE-2013-1797, and CVE-2013-1798. This updated package provides updated components that include fixes for various security issues. These issues have no security impact on Red Hat Enterprise Virtualization Hypervisor itself, however. The security fixes included in this update address the following CVE numbers : CVE-2013-2266 (a bind issue) CVE-2012-5195, CVE-2012-5526, CVE-2012-6329, and CVE-2013-1667 (perl issues) This update contains the fixes from the following errata : ovirt-node: RHBA-2013:0745 libvirt: RHBA-2013:0725 vdsm: RHBA-2013:0704 kernel: RHSA-2013:0744 Users of the Red Hat Enterprise Virtualization Hypervisor are advised to upgrade to this updated package, which corrects these issues." ); # https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?c6b506c4" ); # https://rhn.redhat.com/errata/RHBA-2013-0745.html script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHBA-2013:0745" ); # https://rhn.redhat.com/errata/RHBA-2013-0725.html script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHBA-2013:0725" ); # https://rhn.redhat.com/errata/RHBA-2013-0704.html script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHBA-2013:0704" ); script_set_attribute( attribute:"see_also", value:"https://rhn.redhat.com/errata/RHSA-2013-0744.html" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2013:0746" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-1591" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-1798" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-1796" ); script_set_attribute( attribute:"see_also", value:"https://access.redhat.com/security/cve/cve-2013-1797" ); script_set_attribute( attribute:"solution", value:"Update the affected rhev-hypervisor6 package." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:ND/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:rhev-hypervisor6"); script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/01/31"); script_set_attribute(attribute:"patch_publication_date", value:"2013/04/23"); script_set_attribute(attribute:"plugin_publication_date", value:"2014/11/08"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2014-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Red Hat Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Red Hat" >!< release) audit(AUDIT_OS_NOT, "Red Hat"); os_ver = pregmatch(pattern: "Red Hat Enterprise Linux.*release ([0-9]+(\.[0-9]+)?)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Red Hat"); os_ver = os_ver[1]; if (! preg(pattern:"^6([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Red Hat 6.x", "Red Hat " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$" && "s390" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Red Hat", cpu); yum_updateinfo = get_kb_item("Host/RedHat/yum-updateinfo"); if (!empty_or_null(yum_updateinfo)) { rhsa = "RHSA-2013:0746"; yum_report = redhat_generate_yum_updateinfo_report(rhsa:rhsa); if (!empty_or_null(yum_report)) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : yum_report ); exit(0); } else { audit_message = "affected by Red Hat security advisory " + rhsa; audit(AUDIT_OS_NOT, audit_message); } } else { flag = 0; if (rpm_check(release:"RHEL6", reference:"rhev-hypervisor6-6.4-20130415.0.el6_4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() + redhat_report_package_caveat() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "rhev-hypervisor6"); } }
NASL family F5 Networks Local Security Checks NASL id F5_BIGIP_SOL15867.NASL description CVE-2012-5195 Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the last seen 2020-03-30 modified 2015-09-16 plugin id 85945 published 2015-09-16 reporter This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/85945 title F5 Networks BIG-IP : Perl vulnerabilities (K15867) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from F5 Networks BIG-IP Solution K15867. # # The text description of this plugin is (C) F5 Networks. # include("compat.inc"); if (description) { script_id(85945); script_version("2.21"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/30"); script_cve_id("CVE-2012-5195", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1667"); script_bugtraq_id(56287, 56562, 56950, 58311); script_name(english:"F5 Networks BIG-IP : Perl vulnerabilities (K15867)"); script_summary(english:"Checks the BIG-IP version."); script_set_attribute( attribute:"synopsis", value:"The remote device is missing a vendor-supplied security patch." ); script_set_attribute( attribute:"description", value: "CVE-2012-5195 Heap-based buffer overflow in the Perl_repeatcpy function in util.c in Perl 5.12.x before 5.12.5, 5.14.x before 5.14.3, and 5.15.x before 15.15.5 allows context-dependent attackers to cause a denial of service (memory consumption and crash) or possibly execute arbitrary code via the 'x' string repeat operator. CVE-2012-5526 CGI.pm module before 3.63 for Perl does not properly escape newlines in (1) Set-Cookie or (2) P3P headers, which might allow remote attackers to inject arbitrary headers into responses from applications that use CGI.pm. CVE-2012-6329 The _compile function in Maketext.pm in the Locale::Maketext implementation in Perl before 5.17.7 does not properly handle backslashes and fully qualified method names during compilation of bracket notation, which allows context-dependent attackers to execute arbitrary commands via crafted input to an application that accepts translation strings from users, as demonstrated by the TWiki application before 5.1.3, and the Foswiki application 1.0.x through 1.0.10 and 1.1.x through 1.1.6. CVE-2013-1667 The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key." ); script_set_attribute( attribute:"see_also", value:"https://support.f5.com/csp/article/K15867" ); script_set_attribute( attribute:"solution", value: "Upgrade to one of the non-vulnerable versions listed in the F5 Solution K15867." ); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"Foswiki 1.1.5 RCE"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'TWiki MAKETEXT Remote Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"potential_vulnerability", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_access_policy_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_advanced_firewall_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_acceleration_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_security_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_application_visibility_and_reporting"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_global_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_link_controller"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_local_traffic_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_policy_enforcement_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_wan_optimization_manager"); script_set_attribute(attribute:"cpe", value:"cpe:/a:f5:big-ip_webaccelerator"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip"); script_set_attribute(attribute:"cpe", value:"cpe:/h:f5:big-ip_protocol_security_manager"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21"); script_set_attribute(attribute:"patch_publication_date", value:"2014/11/25"); script_set_attribute(attribute:"plugin_publication_date", value:"2015/09/16"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2015-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"F5 Networks Local Security Checks"); script_dependencies("f5_bigip_detect.nbin"); script_require_keys("Host/local_checks_enabled", "Host/BIG-IP/hotfix", "Host/BIG-IP/modules", "Host/BIG-IP/version", "Settings/ParanoidReport"); exit(0); } include("f5_func.inc"); if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); version = get_kb_item("Host/BIG-IP/version"); if ( ! version ) audit(AUDIT_OS_NOT, "F5 Networks BIG-IP"); if ( isnull(get_kb_item("Host/BIG-IP/hotfix")) ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/hotfix"); if ( ! get_kb_item("Host/BIG-IP/modules") ) audit(AUDIT_KB_MISSING, "Host/BIG-IP/modules"); sol = "K15867"; vmatrix = make_array(); if (report_paranoia < 2) audit(AUDIT_PARANOID); # AFM vmatrix["AFM"] = make_array(); vmatrix["AFM"]["affected" ] = make_list("11.3.0-11.6.1"); vmatrix["AFM"]["unaffected"] = make_list("12.0.0-12.1.2","11.6.1HF1","11.5.4HF4"); # AM vmatrix["AM"] = make_array(); vmatrix["AM"]["affected" ] = make_list("11.4.0-11.6.1"); vmatrix["AM"]["unaffected"] = make_list("12.0.0-12.1.2","11.6.1HF1","11.5.4HF4"); # APM vmatrix["APM"] = make_array(); vmatrix["APM"]["affected" ] = make_list("11.0.0-11.6.1","10.1.0-10.2.4"); vmatrix["APM"]["unaffected"] = make_list("12.0.0-12.1.2","11.6.1HF1","11.5.4HF4"); # ASM vmatrix["ASM"] = make_array(); vmatrix["ASM"]["affected" ] = make_list("11.0.0-11.6.1","10.0.0-10.2.4"); vmatrix["ASM"]["unaffected"] = make_list("12.0.0-12.1.2","11.6.1HF1","11.5.4HF4"); # AVR vmatrix["AVR"] = make_array(); vmatrix["AVR"]["affected" ] = make_list("11.0.0-11.6.1"); vmatrix["AVR"]["unaffected"] = make_list("12.0.0-12.1.2","11.6.1HF1","11.5.4HF4"); # GTM vmatrix["GTM"] = make_array(); vmatrix["GTM"]["affected" ] = make_list("11.0.0-11.6.1","10.0.0-10.2.4"); vmatrix["GTM"]["unaffected"] = make_list("11.6.1HF1","11.5.4HF4"); # LC vmatrix["LC"] = make_array(); vmatrix["LC"]["affected" ] = make_list("11.0.0-11.6.1","10.0.0-10.2.4"); vmatrix["LC"]["unaffected"] = make_list("12.0.0-12.1.2","11.6.1HF1","11.5.4HF4"); # LTM vmatrix["LTM"] = make_array(); vmatrix["LTM"]["affected" ] = make_list("11.0.0-11.6.1","10.0.0-10.2.4"); vmatrix["LTM"]["unaffected"] = make_list("12.0.0-12.1.2","11.6.1HF1","11.5.4HF4"); # PEM vmatrix["PEM"] = make_array(); vmatrix["PEM"]["affected" ] = make_list("11.3.0-11.6.1"); vmatrix["PEM"]["unaffected"] = make_list("12.0.0-12.1.2","11.6.1HF1","11.5.4HF4"); if (bigip_is_affected(vmatrix:vmatrix, sol:sol)) { if (report_verbosity > 0) security_hole(port:0, extra:bigip_report_get()); else security_hole(0); exit(0); } else { tested = bigip_get_tested_modules(); audit_extra = "For BIG-IP module(s) " + tested + ","; if (tested) audit(AUDIT_INST_VER_NOT_VULN, audit_extra, version); else audit(AUDIT_HOST_NOT, "running any of the affected modules"); }
NASL family FreeBSD Local Security Checks NASL id FREEBSD_PKG_68C1F75B882411E29996C48508086173.NASL description Perl developers report : In order to prevent an algorithmic complexity attack against its hashing mechanism, perl will sometimes recalculate keys and redistribute the contents of a hash. This mechanism has made perl robust against attacks that have been demonstrated against other systems. Research by Yves Orton has recently uncovered a flaw in the rehashing code which can result in pathological behavior. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Because using user-provided strings as hash keys is a very common operation, we urge users of perl to update their perl executable as soon as possible. last seen 2020-06-01 modified 2020-06-02 plugin id 65199 published 2013-03-12 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65199 title FreeBSD : perl -- denial of service via algorithmic complexity attack on hashing routines (68c1f75b-8824-11e2-9996-c48508086173) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from the FreeBSD VuXML database : # # Copyright 2003-2019 Jacques Vidrine and contributors # # Redistribution and use in source (VuXML) and 'compiled' forms (SGML, # HTML, PDF, PostScript, RTF and so forth) with or without modification, # are permitted provided that the following conditions are met: # 1. Redistributions of source code (VuXML) must retain the above # copyright notice, this list of conditions and the following # disclaimer as the first lines of this file unmodified. # 2. Redistributions in compiled form (transformed to other DTDs, # published online in any format, converted to PDF, PostScript, # RTF and other formats) must reproduce the above copyright # notice, this list of conditions and the following disclaimer # in the documentation and/or other materials provided with the # distribution. # # THIS DOCUMENTATION IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS "AS IS" # AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, # THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, # OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT # OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR # BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE # OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS DOCUMENTATION, # EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # include("compat.inc"); if (description) { script_id(65199); script_version("1.8"); script_cvs_date("Date: 2019/07/10 16:04:13"); script_cve_id("CVE-2013-1667"); script_name(english:"FreeBSD : perl -- denial of service via algorithmic complexity attack on hashing routines (68c1f75b-8824-11e2-9996-c48508086173)"); script_summary(english:"Checks for updated packages in pkg_info output"); script_set_attribute( attribute:"synopsis", value: "The remote FreeBSD host is missing one or more security-related updates." ); script_set_attribute( attribute:"description", value: "Perl developers report : In order to prevent an algorithmic complexity attack against its hashing mechanism, perl will sometimes recalculate keys and redistribute the contents of a hash. This mechanism has made perl robust against attacks that have been demonstrated against other systems. Research by Yves Orton has recently uncovered a flaw in the rehashing code which can result in pathological behavior. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Because using user-provided strings as hash keys is a very common operation, we urge users of perl to update their perl executable as soon as possible." ); # http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?ed817f26" ); # https://vuxml.freebsd.org/freebsd/68c1f75b-8824-11e2-9996-c48508086173.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?9ea930fe" ); script_set_attribute(attribute:"solution", value:"Update the affected packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:freebsd:freebsd:perl-threaded"); script_set_attribute(attribute:"cpe", value:"cpe:/o:freebsd:freebsd"); script_set_attribute(attribute:"vuln_publication_date", value:"2013/03/04"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/10"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/12"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"FreeBSD Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/FreeBSD/release", "Host/FreeBSD/pkg_info"); exit(0); } include("audit.inc"); include("freebsd_package.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); if (!get_kb_item("Host/FreeBSD/release")) audit(AUDIT_OS_NOT, "FreeBSD"); if (!get_kb_item("Host/FreeBSD/pkg_info")) audit(AUDIT_PACKAGE_LIST_MISSING); flag = 0; if (pkg_test(save_report:TRUE, pkg:"perl<5.12.4_5")) flag++; if (pkg_test(save_report:TRUE, pkg:"perl>=5.14.0<5.14.2_3")) flag++; if (pkg_test(save_report:TRUE, pkg:"perl>=5.16.0<5.16.2_1")) flag++; if (pkg_test(save_report:TRUE, pkg:"perl-threaded<5.12.4_5")) flag++; if (pkg_test(save_report:TRUE, pkg:"perl-threaded>=5.14.0<5.14.2_3")) flag++; if (pkg_test(save_report:TRUE, pkg:"perl-threaded>=5.16.0<5.16.2_1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:pkg_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family MacOS X Local Security Checks NASL id MACOSX_10_9.NASL description The remote host is running a version of Mac OS X 10.x that is prior to version 10.9. The newer version contains multiple security-related fixes for the following components : - Application Firewall - App Sandbox - Bluetooth - CFNetwork - CFNetwork SSL - Console - CoreGraphics - curl - dyld - IOKitUser - IOSerialFamily - Kernel - Kext Management - LaunchServices - Libc - Mail Accounts - Mail Header Display - Mail Networking - OpenLDAP - perl - Power Management - python - ruby - Security - Security - Authorization - Security - Smart Card Services - Screen Lock - Screen Sharing Server - syslog - USB last seen 2020-06-01 modified 2020-06-02 plugin id 70561 published 2013-10-23 reporter This script is Copyright (C) 2013-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/70561 title Mac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST) code # # (C) Tenable Network Security, Inc. # include("compat.inc"); if (description) { script_id(70561); script_version("1.11"); script_cvs_date("Date: 2018/07/14 1:59:36"); script_cve_id( "CVE-2011-2391", "CVE-2011-3389", "CVE-2011-3427", "CVE-2011-4944", "CVE-2012-0845", "CVE-2012-0876", "CVE-2012-1150", "CVE-2013-0249", "CVE-2013-1667", "CVE-2013-1944", "CVE-2013-3950", "CVE-2013-3954", "CVE-2013-4073", "CVE-2013-5135", "CVE-2013-5138", "CVE-2013-5139", "CVE-2013-5141", "CVE-2013-5142", "CVE-2013-5145", "CVE-2013-5165", "CVE-2013-5166", "CVE-2013-5167", "CVE-2013-5168", "CVE-2013-5169", "CVE-2013-5170", "CVE-2013-5171", "CVE-2013-5172", "CVE-2013-5173", "CVE-2013-5174", "CVE-2013-5175", "CVE-2013-5176", "CVE-2013-5177", "CVE-2013-5178", "CVE-2013-5179", "CVE-2013-5180", "CVE-2013-5181", "CVE-2013-5182", "CVE-2013-5183", "CVE-2013-5184", "CVE-2013-5185", "CVE-2013-5186", "CVE-2013-5187", "CVE-2013-5188", "CVE-2013-5189", "CVE-2013-5190", "CVE-2013-5191", "CVE-2013-5192", "CVE-2013-5229" ); script_bugtraq_id( 49778, 51239, 51996, 52379, 52732, 57842, 58311, 59058, 60437, 60444, 60843, 62520, 62522, 62523, 62529, 62531, 62536, 63284, 63290, 63311, 63312, 63313, 63314, 63316, 63317, 63319, 63320, 63321, 63322, 63329, 63330, 63331, 63332, 63335, 63336, 63339, 63343, 63344, 63345, 63346, 63347, 63348, 63349, 63350, 63351, 63352, 63353 ); script_xref(name:"APPLE-SA", value:"APPLE-SA-2013-10-22-3"); script_xref(name:"CERT", value:"864643"); script_name(english:"Mac OS X 10.x < 10.9 Multiple Vulnerabilities (BEAST)"); script_summary(english:"Check the version of Mac OS X."); script_set_attribute( attribute:"synopsis", value: "The remote host is missing a Mac OS X update that fixes multiple security vulnerabilities." ); script_set_attribute( attribute:"description", value: "The remote host is running a version of Mac OS X 10.x that is prior to version 10.9. The newer version contains multiple security-related fixes for the following components : - Application Firewall - App Sandbox - Bluetooth - CFNetwork - CFNetwork SSL - Console - CoreGraphics - curl - dyld - IOKitUser - IOSerialFamily - Kernel - Kext Management - LaunchServices - Libc - Mail Accounts - Mail Header Display - Mail Networking - OpenLDAP - perl - Power Management - python - ruby - Security - Security - Authorization - Security - Smart Card Services - Screen Lock - Screen Sharing Server - syslog - USB" ); script_set_attribute(attribute:"see_also", value:"http://support.apple.com/kb/HT6011"); script_set_attribute(attribute:"see_also", value:"http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html"); script_set_attribute(attribute:"see_also", value:"https://www.imperialviolet.org/2011/09/23/chromeandbeast.html"); script_set_attribute(attribute:"see_also", value:"https://www.openssl.org/~bodo/tls-cbc.txt"); script_set_attribute(attribute:"solution", value:"Upgrade to Mac OS X 10.9 or later."); script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C"); script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/31"); script_set_attribute(attribute:"patch_publication_date", value:"2013/10/22"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/10/23"); script_set_attribute(attribute:"plugin_type", value:"combined"); script_set_attribute(attribute:"cpe", value:"cpe:/o:apple:mac_os_x"); script_set_attribute(attribute:"in_the_news", value:"true"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_family(english:"MacOS X Local Security Checks"); script_copyright(english:"This script is Copyright (C) 2013-2018 Tenable Network Security, Inc."); script_dependencies("ssh_get_info.nasl", "os_fingerprint.nasl"); script_require_ports("Host/MacOSX/Version", "Host/OS"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("misc_func.inc"); os = get_kb_item("Host/MacOSX/Version"); if (!os) { os = get_kb_item_or_exit("Host/OS"); if ("Mac OS X" >!< os) audit(AUDIT_OS_NOT, "Mac OS X"); c = get_kb_item("Host/OS/Confidence"); if (c <= 70) exit(1, "Can't determine the host's OS with sufficient confidence."); } if (!os) audit(AUDIT_OS_NOT, "Mac OS X"); match = eregmatch(pattern:"Mac OS X (10\.[0-9.]+)", string:os); if (!isnull(match)) { version = match[1]; fixed_version = "10.9"; if (ver_compare(ver:version, fix:fixed_version, strict:FALSE) == -1) { if (report_verbosity > 0) { report = '\n Installed version : ' + version + '\n Fixed version : ' + fixed_version + '\n'; security_hole(port:0, extra:report); } else security_hole(0); exit(0); } } exit(0, "The host is not affected as it is running "+os+".");
NASL family CentOS Local Security Checks NASL id CENTOS_RHSA-2013-0685.NASL description Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl last seen 2020-03-30 modified 2013-03-27 plugin id 65694 published 2013-03-27 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65694 title CentOS 5 / 6 : perl (CESA-2013:0685) code # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Red Hat Security Advisory RHSA-2013:0685 and # CentOS Errata and Security Advisory 2013:0685 respectively. # include("compat.inc"); if (description) { script_id(65694); script_version("1.26"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/30"); script_cve_id("CVE-2012-5195", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1667"); script_bugtraq_id(56287, 56562, 56950, 58311); script_xref(name:"RHSA", value:"2013:0685"); script_name(english:"CentOS 5 / 6 : perl (CESA-2013:0685)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote CentOS host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl's rehashing code implementation, responsible for recalculation of hash keys and redistribution of hash content, handled certain input. If an attacker supplied specially crafted input to be used as hash keys by a Perl application, it could cause excessive memory consumption. (CVE-2013-1667) It was found that the Perl CGI module, used to handle Common Gateway Interface requests and responses, incorrectly sanitized the values for Set-Cookie and P3P headers. If a Perl application using the CGI module reused cookies values and accepted untrusted input from web browsers, a remote attacker could use this flaw to alter member items of the cookie or add new items. (CVE-2012-5526) It was found that the Perl Locale::Maketext module, used to localize Perl applications, did not properly handle backslashes or fully-qualified method names. An attacker could possibly use this flaw to execute arbitrary Perl code with the privileges of a Perl application that uses untrusted Locale::Maketext templates. (CVE-2012-6329) Red Hat would like to thank the Perl project for reporting CVE-2012-5195 and CVE-2013-1667. Upstream acknowledges Tim Brown as the original reporter of CVE-2012-5195 and Yves Orton as the original reporter of CVE-2013-1667. All Perl users should upgrade to these updated packages, which contain backported patches to correct these issues. All running Perl programs must be restarted for this update to take effect." ); # https://lists.centos.org/pipermail/centos-announce/2013-March/019668.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?fae8bbce" ); # https://lists.centos.org/pipermail/centos-announce/2013-March/019669.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?0fe51482" ); script_set_attribute(attribute:"solution", value:"Update the affected perl packages."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:F/RL:OF/RC:C"); script_set_attribute(attribute:"cvss_score_source", value:"CVE-2012-5195"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"Foswiki 1.1.5 RCE"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'TWiki MAKETEXT Remote Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Archive-Extract"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Archive-Tar"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-CGI"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-CPAN"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-CPANPLUS"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Compress-Raw-Bzip2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Compress-Raw-Zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Compress-Zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Digest-SHA"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-ExtUtils-CBuilder"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-ExtUtils-Embed"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-ExtUtils-MakeMaker"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-ExtUtils-ParseXS"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-File-Fetch"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-IO-Compress-Base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-IO-Compress-Bzip2"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-IO-Compress-Zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-IO-Zlib"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-IPC-Cmd"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Locale-Maketext-Simple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Log-Message"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Log-Message-Simple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Module-Build"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Module-CoreList"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Module-Load"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Module-Load-Conditional"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Module-Loaded"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Module-Pluggable"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Object-Accessor"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Package-Constants"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Params-Check"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Parse-CPAN-Meta"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Pod-Escapes"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Pod-Simple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Term-UI"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Test-Harness"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Test-Simple"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Time-HiRes"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-Time-Piece"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-core"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-devel"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-libs"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-parent"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-suidperl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:centos:centos:perl-version"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:5"); script_set_attribute(attribute:"cpe", value:"cpe:/o:centos:centos:6"); script_set_attribute(attribute:"vuln_publication_date", value:"2012/11/21"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/26"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/27"); script_set_attribute(attribute:"generated_plugin", value:"current"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"CentOS Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/CentOS/release", "Host/CentOS/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/CentOS/release"); if (isnull(release) || "CentOS" >!< release) audit(AUDIT_OS_NOT, "CentOS"); os_ver = pregmatch(pattern: "CentOS(?: Linux)? release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "CentOS"); os_ver = os_ver[1]; if (! preg(pattern:"^(5|6)([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "CentOS 5.x / 6.x", "CentOS " + os_ver); if (!get_kb_item("Host/CentOS/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "CentOS", cpu); flag = 0; if (rpm_check(release:"CentOS-5", reference:"perl-5.8.8-40.el5_9")) flag++; if (rpm_check(release:"CentOS-5", reference:"perl-suidperl-5.8.8-40.el5_9")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-5.10.1-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Archive-Extract-0.38-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Archive-Tar-1.58-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-CGI-3.51-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-CPAN-1.9402-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-CPANPLUS-0.88-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Compress-Raw-Bzip2-2.020-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Compress-Raw-Zlib-2.020-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Compress-Zlib-2.020-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Digest-SHA-5.47-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-ExtUtils-CBuilder-0.27-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-ExtUtils-Embed-1.28-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-ExtUtils-MakeMaker-6.55-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-ExtUtils-ParseXS-2.2003.0-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-File-Fetch-0.26-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-IO-Compress-Base-2.020-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-IO-Compress-Bzip2-2.020-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-IO-Compress-Zlib-2.020-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-IO-Zlib-1.09-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-IPC-Cmd-0.56-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Locale-Maketext-Simple-0.18-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Log-Message-0.02-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Log-Message-Simple-0.04-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Module-Build-0.3500-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Module-CoreList-2.18-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Module-Load-0.16-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Module-Load-Conditional-0.30-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Module-Loaded-0.02-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Module-Pluggable-3.90-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Object-Accessor-0.34-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Package-Constants-0.02-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Params-Check-0.26-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Parse-CPAN-Meta-1.40-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Pod-Escapes-1.04-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Pod-Simple-3.13-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Term-UI-0.20-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Test-Harness-3.17-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Test-Simple-0.92-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Time-HiRes-1.9721-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-Time-Piece-1.15-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-core-5.10.1-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-devel-5.10.1-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-libs-5.10.1-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-parent-0.221-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-suidperl-5.10.1-130.el6_4")) flag++; if (rpm_check(release:"CentOS-6", reference:"perl-version-0.77-130.el6_4")) flag++; if (flag) { security_report_v4( port : 0, severity : SECURITY_HOLE, extra : rpm_report_get() ); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl / perl-Archive-Extract / perl-Archive-Tar / perl-CGI / etc"); }
NASL family SuSE Local Security Checks NASL id SUSE_11_PERL-130301.NASL description This update of Perl 5 fixes the following security issues : - fix rehash DoS [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - fix glob denial of service [bnc#796014] [CVE-2011-2728] - sanitize input in Maketext.pm [bnc#797060] [CVE-2012-6329] last seen 2020-06-05 modified 2013-03-13 plugin id 65247 published 2013-03-13 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65247 title SuSE 11.2 Security Update : Perl (SAT Patch Number 7439) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from SuSE 11 update information. The text itself is # copyright (C) Novell, Inc. # if (NASL_LEVEL < 3000) exit(0); include("compat.inc"); if (description) { script_id(65247); script_version("1.9"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04"); script_cve_id("CVE-2011-2728", "CVE-2012-5526", "CVE-2012-6329", "CVE-2013-1667"); script_name(english:"SuSE 11.2 Security Update : Perl (SAT Patch Number 7439)"); script_summary(english:"Checks rpm output for the updated packages"); script_set_attribute( attribute:"synopsis", value:"The remote SuSE 11 host is missing one or more security updates." ); script_set_attribute( attribute:"description", value: "This update of Perl 5 fixes the following security issues : - fix rehash DoS [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - fix glob denial of service [bnc#796014] [CVE-2011-2728] - sanitize input in Maketext.pm [bnc#797060] [CVE-2012-6329]" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=789994" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=796014" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=797060" ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.novell.com/show_bug.cgi?id=804415" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2011-2728.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-5526.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2012-6329.html" ); script_set_attribute( attribute:"see_also", value:"http://support.novell.com/security/cve/CVE-2013-1667.html" ); script_set_attribute(attribute:"solution", value:"Apply SAT patch number 7439."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available"); script_set_attribute(attribute:"exploit_available", value:"true"); script_set_attribute(attribute:"d2_elliot_name", value:"TWiki 5.1.2 RCE"); script_set_attribute(attribute:"exploit_framework_d2_elliot", value:"true"); script_set_attribute(attribute:"metasploit_name", value:'TWiki MAKETEXT Remote Command Execution'); script_set_attribute(attribute:"exploit_framework_metasploit", value:"true"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:perl"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:perl-32bit"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:perl-base"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:suse_linux:11:perl-doc"); script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:suse_linux:11"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/01"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/03/13"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 Tenable Network Security, Inc."); script_family(english:"SuSE Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/SuSE/release"); if (isnull(release) || release !~ "^(SLED|SLES)11") audit(AUDIT_OS_NOT, "SuSE 11"); if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if (cpu !~ "^i[3-6]86$" && "x86_64" >!< cpu && "s390x" >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "SuSE 11", cpu); pl = get_kb_item("Host/SuSE/patchlevel"); if (isnull(pl) || int(pl) != 2) audit(AUDIT_OS_NOT, "SuSE 11.2"); flag = 0; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"perl-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"perl-base-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"i586", reference:"perl-doc-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"perl-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"perl-32bit-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"perl-base-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLED11", sp:2, cpu:"x86_64", reference:"perl-doc-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"perl-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"perl-base-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLES11", sp:2, reference:"perl-doc-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"s390x", reference:"perl-32bit-5.10.0-64.61.61.1")) flag++; if (rpm_check(release:"SLES11", sp:2, cpu:"x86_64", reference:"perl-32bit-5.10.0-64.61.61.1")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else audit(AUDIT_HOST_NOT, "affected");
NASL family Fedora Local Security Checks NASL id FEDORA_2013-3673.NASL description Update to Perl 5.14.4 Fix CVE-2013-1667 (DoS in rehashing code). Add NAME section to perl-CPAN manual pages to build whatis database properly. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues. last seen 2020-03-17 modified 2013-04-03 plugin id 65772 published 2013-04-03 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65772 title Fedora 17 : perl-5.14.4-224.fc17 (2013-3673) code #%NASL_MIN_LEVEL 80502 # # (C) Tenable Network Security, Inc. # # The descriptive text and package checks in this plugin were # extracted from Fedora Security Advisory 2013-3673. # include("compat.inc"); if (description) { script_id(65772); script_version("1.8"); script_set_attribute(attribute:"plugin_modification_date", value:"2020/03/12"); script_cve_id("CVE-2013-1667"); script_bugtraq_id(58311); script_xref(name:"FEDORA", value:"2013-3673"); script_name(english:"Fedora 17 : perl-5.14.4-224.fc17 (2013-3673)"); script_summary(english:"Checks rpm output for the updated package."); script_set_attribute( attribute:"synopsis", value:"The remote Fedora host is missing a security update." ); script_set_attribute( attribute:"description", value: "Update to Perl 5.14.4 Fix CVE-2013-1667 (DoS in rehashing code). Add NAME section to perl-CPAN manual pages to build whatis database properly. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues." ); script_set_attribute( attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=912276" ); # https://lists.fedoraproject.org/pipermail/package-announce/2013-April/101381.html script_set_attribute( attribute:"see_also", value:"http://www.nessus.org/u?43583af5" ); script_set_attribute(attribute:"solution", value:"Update the affected perl package."); script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P"); script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C"); script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available"); script_set_attribute(attribute:"exploit_available", value:"false"); script_set_attribute(attribute:"plugin_type", value:"local"); script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:perl"); script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:17"); script_set_attribute(attribute:"patch_publication_date", value:"2013/03/12"); script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/03"); script_end_attributes(); script_category(ACT_GATHER_INFO); script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof."); script_family(english:"Fedora Local Security Checks"); script_dependencies("ssh_get_info.nasl"); script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list"); exit(0); } include("audit.inc"); include("global_settings.inc"); include("rpm.inc"); if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED); release = get_kb_item("Host/RedHat/release"); if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora"); os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release); if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora"); os_ver = os_ver[1]; if (! ereg(pattern:"^17([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 17.x", "Fedora " + os_ver); if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING); cpu = get_kb_item("Host/cpu"); if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH); if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu); flag = 0; if (rpm_check(release:"FC17", reference:"perl-5.14.4-224.fc17")) flag++; if (flag) { if (report_verbosity > 0) security_hole(port:0, extra:rpm_report_get()); else security_hole(0); exit(0); } else { tested = pkg_tests_get(); if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested); else audit(AUDIT_PACKAGE_NOT_INSTALLED, "perl"); }
NASL family Debian Local Security Checks NASL id DEBIAN_DSA-2641.NASL description Yves Orton discovered a flaw in the rehashing code of Perl. This flaw could be exploited to carry out a denial of service attack against code that uses arbitrary user input as hash keys. Specifically an attacker could create a set of keys of a hash causing a denial of service via memory exhaustion. last seen 2020-03-17 modified 2013-03-11 plugin id 65178 published 2013-03-11 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65178 title Debian DSA-2641-2 : perl - rehashing flaw NASL family Scientific Linux Local Security Checks NASL id SL_20130326_PERL_ON_SL5_X.NASL description A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl last seen 2020-03-18 modified 2013-03-28 plugin id 65715 published 2013-03-28 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65715 title Scientific Linux Security Update : perl on SL5.x, SL6.x i386/x86_64 (20130326) NASL family SuSE Local Security Checks NASL id OPENSUSE-2013-225.NASL description Perl was updated to fix 3 security issues : - fix rehash denial of service (compute time) [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - sanitize input in Maketext.pm to avoid code injection [bnc#797060] [CVE-2012-6329] In openSUSE 12.1 also the following non-security bug was fixed : - fix IPC::Open3 bug when last seen 2020-06-05 modified 2014-06-13 plugin id 74932 published 2014-06-13 reporter This script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/74932 title openSUSE Security Update : perl (openSUSE-SU-2013:0497-1) NASL family Solaris Local Security Checks NASL id SOLARIS11_PERL-516_20130521.NASL description The remote Solaris system is missing necessary patches to address security updates : - The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. (CVE-2013-1667) last seen 2020-06-01 modified 2020-06-02 plugin id 80728 published 2015-01-19 reporter This script is Copyright (C) 2015-2018 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/80728 title Oracle Solaris Third-Party Patch Update : perl-516 (cve_2013_1667_denial_of2) NASL family SuSE Local Security Checks NASL id SUSE_PERL-8479.NASL description This update of Perl 5 fixes the following security issues : - fix rehash DoS [bnc#804415] [CVE-2013-1667] - improve CGI crlf escaping [bnc#789994] [CVE-2012-5526] - fix glob denial of service [bnc#796014] [CVE-2011-2728] - sanitize input in Maketext.pm [bnc#797060] [CVE-2012-6329] - make getgrent work with long group entries [bnc#788388] last seen 2020-06-05 modified 2013-03-13 plugin id 65249 published 2013-03-13 reporter This script is Copyright (C) 2013-2020 Tenable Network Security, Inc. source https://www.tenable.com/plugins/nessus/65249 title SuSE 10 Security Update : Perl (ZYPP Patch Number 8479) NASL family Red Hat Local Security Checks NASL id REDHAT-RHSA-2013-0685.NASL description Updated perl packages that fix multiple security issues now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Perl is a high-level programming language commonly used for system administration utilities and web programming. A heap overflow flaw was found in Perl. If a Perl application allowed user input to control the count argument of the string repeat operator, an attacker could cause the application to crash or, potentially, execute arbitrary code with the privileges of the user running the application. (CVE-2012-5195) A denial of service flaw was found in the way Perl last seen 2020-03-31 modified 2013-03-27 plugin id 65698 published 2013-03-27 reporter This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/65698 title RHEL 5 / 6 : perl (RHSA-2013:0685) NASL family Mandriva Local Security Checks NASL id MANDRIVA_MDVSA-2013-113.NASL description Updated perl packages fix security vulnerability : It was discovered that Perl last seen 2020-06-01 modified 2020-06-02 plugin id 66125 published 2013-04-20 reporter This script is Copyright (C) 2013-2019 and is owned by Tenable, Inc. or an Affiliate thereof. source https://www.tenable.com/plugins/nessus/66125 title Mandriva Linux Security Advisory : perl (MDVSA-2013:113)
Oval
accepted | 2015-04-20T04:00:45.813-04:00 | ||||||||||||||||||||
class | vulnerability | ||||||||||||||||||||
contributors |
| ||||||||||||||||||||
description | The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key. | ||||||||||||||||||||
family | unix | ||||||||||||||||||||
id | oval:org.mitre.oval:def:18771 | ||||||||||||||||||||
status | accepted | ||||||||||||||||||||
submitted | 2013-11-22T11:43:28.000-05:00 | ||||||||||||||||||||
title | HP-UX running perl, Remote Denial of Service (DoS) | ||||||||||||||||||||
version | 47 |
Redhat
advisories |
| ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
rpms |
|
References
- http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=702296
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10735
- http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
- http://marc.info/?l=bugtraq&m=137891988921058&w=2
- http://osvdb.org/90892
- http://perl5.git.perl.org/perl.git/commitdiff/6e79fe5
- http://perl5.git.perl.org/perl.git/commitdiff/9d83adc
- http://perl5.git.perl.org/perl.git/commitdiff/d59e31f
- http://rhn.redhat.com/errata/RHSA-2013-0685.html
- http://secunia.com/advisories/52472
- http://secunia.com/advisories/52499
- http://www.debian.org/security/2013/dsa-2641
- http://www.mandriva.com/security/advisories?name=MDVSA-2013:113
- http://www.nntp.perl.org/group/perl.perl5.porters/2013/03/msg199755.html
- http://www.oracle.com/technetwork/topics/security/ovmbulletinjul2016-3090546.html
- http://www.securityfocus.com/bid/58311
- http://www.ubuntu.com/usn/USN-1770-1
- https://bugzilla.redhat.com/show_bug.cgi?id=912276
- https://exchange.xforce.ibmcloud.com/vulnerabilities/82598
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A18771
- https://wiki.mageia.org/en/Support/Advisories/MGASA-2013-0094