Executive Summary

Summary
Title	HP Tru64 UNIX running Perl, Remote Execution of Arbitrary Code

Informations
Name	HPSBTU02311 SSRT080001	First vendor Publication	2008-02-19
Vendor	HP	Last vendor Modification	2008-02-19
Severity (Vendor)	N/A	Revision	1

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score	NA
Base Score	NA	Environmental Score	NA
impact SubScore	NA	Temporal Score	NA
Exploitabality Sub Score	NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:L/Au:N/C:P/I:P/A:P)
Cvss Base Score	7.5	Attack Range	Network
Cvss Impact Score	6.4	Attack Complexity	Low
Cvss Expoit Score	10	Authentication	None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A potential security vulnerability has been identified in Perl 5.8.7 and earlier running on HP Tru64 UNIX. The vulnerability could be exploited remotely to execute arbitrary code.

Original Source

Url : http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01362465

CWE : Common Weakness Enumeration

%	Id	Name
100 %	CWE-119	Failure to Constrain Operations within the Bounds of a Memory Buffer

OVAL Definitions

 

Definition Id: oval:org.mitre.oval:def:10669
Oval ID:	oval:org.mitre.oval:def:10669
Title:	Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
Description:	Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
Family:	unix	Class:	vulnerability
Reference(s):	CVE-2007-5116	Version:	5
Platform(s):	Red Hat Enterprise Linux 3 CentOS Linux 3 Red Hat Enterprise Linux 4 CentOS Linux 4 Oracle Linux 4 Red Hat Enterprise Linux 5 CentOS Linux 5 Oracle Linux 5	Product(s):
Definition Synopsis:
OS Section: RHEL3, CentOS3 RHEL3 or CentOS3 The operating system installed on the system is Red Hat Enterprise Linux 3 AND CentOS Linux 3.x AND Configuration section perl-suidperl is earlier than 2:5.8.0-97.EL3 AND perl is earlier than 2:5.8.0-97.EL3 AND perl-CPAN is earlier than 2:1.61-97.EL3 AND perl-CGI is earlier than 2:2.89-97.EL3 AND perl-DB_File is earlier than 2:1.806-97.EL3 OR OS Section: RHEL4, CentOS4, Oracle Linux 4 RHEL4, CentOS4 or Oracle Linux 4 The operating system installed on the system is Red Hat Enterprise Linux 4 AND CentOS Linux 4.x AND Oracle Linux 4.x AND Configuration section perl-suidperl is earlier than 3:5.8.5-36.el4_5.2 AND perl is earlier than 3:5.8.5-36.el4_5.2 OR OS Section: RHEL5, CentOS5, Oracle Linux 5 RHEL5, CentOS5 or Oracle Linux 5 The operating system installed on the system is Red Hat Enterprise Linux 5 AND CentOS Linux 5.x AND Oracle Linux 5.x AND Configuration section perl-suidperl is earlier than 4:5.8.8-10.el5_0.2 AND perl is earlier than 4:5.8.8-10.el5_0.2

 

Definition Id: oval:org.mitre.oval:def:17476
Oval ID:	oval:org.mitre.oval:def:17476
Title:	USN-552-1 -- perl vulnerability
Description:	It was discovered that Perl's regular expression library did not correctly handle certain UTF sequences.
Family:	unix	Class:	patch
Reference(s):	USN-552-1 CVE-2007-5116	Version:	7
Platform(s):	Ubuntu 6.06 Ubuntu 6.10 Ubuntu 7.04 Ubuntu 7.10	Product(s):	perl
Definition Synopsis:
Release section Ubuntu 6.06 is installed AND libperl5.8 DPKG is earlier than 5.8.7-10ubuntu1.1 AND Release section Ubuntu 6.10 is installed AND libperl5.8 DPKG is earlier than 5.8.8-6ubuntu0.1 AND Release section Ubuntu 7.04 is installed AND libperl5.8 DPKG is earlier than 5.8.8-7ubuntu0.1 AND Release section Ubuntu 7.10 is installed AND libperl5.8 DPKG is earlier than 5.8.8-7ubuntu3.1

 

Definition Id: oval:org.mitre.oval:def:20027
Oval ID:	oval:org.mitre.oval:def:20027
Title:	DSA-1400-1 perl - arbitrary code execution
Description:	Will Drewry and Tavis Ormandy of the Google Security Team have discovered a UTF-8 related heap overflow in Perl's regular expression compiler, probably allowing attackers to execute arbitrary code by compiling specially crafted regular expressions.
Family:	unix	Class:	patch
Reference(s):	DSA-1400-1 CVE-2007-5116	Version:	5
Platform(s):	Debian GNU/Linux 4.0	Product(s):	perl
Definition Synopsis:
Debian GNU/Linux 4.0 is installed. AND perl DPKG is earlier than 0:5.8.8-7etch1

 

Definition Id: oval:org.mitre.oval:def:22461
Oval ID:	oval:org.mitre.oval:def:22461
Title:	ELSA-2007:0966: perl security update (Important)
Description:	Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.
Family:	unix	Class:	patch
Reference(s):	ELSA-2007:0966-02 CVE-2007-5116	Version:	6
Platform(s):	Oracle Linux 5	Product(s):	perl
Definition Synopsis:
Oracle Linux 5.x  rpm test perl-suidperl is earlier than 4:5.8.8-10.el5_0.2 AND perl is earlier than 4:5.8.8-10.el5_0.2

CPE : Common Platform Enumeration

Type	Description	Count
Application	Larry Wall Perl cpe:2.3:a:larry_wall:perl:5.8.6:*:*:*:*:*:*:* cpe:2.3:a:larry_wall:perl:5.8.4.5:*:*:*:*:*:*:* cpe:2.3:a:larry_wall:perl:5.8.4.4:*:*:*:*:*:*:* cpe:2.3:a:larry_wall:perl:5.8.4.3:*:*:*:*:*:*:* cpe:2.3:a:larry_wall:perl:5.8.4.2.3:*:*:*:*:*:*:* cpe:2.3:a:larry_wall:perl:5.8.4.2:*:*:*:*:*:*:* cpe:2.3:a:larry_wall:perl:5.8.4.1:*:*:*:*:*:*:* cpe:2.3:a:larry_wall:perl:5.8.4:*:*:*:*:*:*:* cpe:2.3:a:larry_wall:perl:5.8.3:*:*:*:*:*:*:* cpe:2.3:a:larry_wall:perl:5.8.1:*:*:*:*:*:*:* cpe:2.3:a:larry_wall:perl:5.8.0:*:*:*:*:*:*:*	11
Application	Mandrakesoft Mandrake Multi Network Firewall cpe:2.3:a:mandrakesoft:mandrake_multi_network_firewall:2.0:*:*:*:*:*:*:*	1
Application	Openpkg cpe:2.3:a:openpkg:openpkg:current:*:*:*:*:*:*:*	1
Os	Redhat Enterprise Linux cpe:2.3:o:redhat:enterprise_linux:1.0:*:application_stack:*:*:*:*:*	1

OpenVAS Exploits

Date	Description
2010-05-12	Name : Mac OS X Security Update 2007-009 File : nvt/macosx_secupd_2007-009.nasl
2009-11-17	Name : Mac OS X Version File : nvt/macosx_version.nasl
2009-10-13	Name : SLES10: Security update for perl File : nvt/sles10_perl0.nasl
2009-10-10	Name : SLES9: Security update for perl File : nvt/sles9p5018078.nasl
2009-04-09	Name : Mandriva Update for perl MDKSA-2007:207 (perl) File : nvt/gb_mandriva_MDKSA_2007_207.nasl
2009-03-23	Name : Ubuntu Update for perl vulnerability USN-552-1 File : nvt/gb_ubuntu_USN_552_1.nasl
2009-02-27	Name : Fedora Update for perl FEDORA-2007-3218 File : nvt/gb_fedora_2007_3218_perl_fc8.nasl
2009-02-27	Name : Fedora Update for perl FEDORA-2007-3255 File : nvt/gb_fedora_2007_3255_perl_fc7.nasl
2009-02-27	Name : Fedora Update for perl FEDORA-2007-748 File : nvt/gb_fedora_2007_748_perl_fc6.nasl
2009-02-17	Name : Fedora Update for perl FEDORA-2008-3392 File : nvt/gb_fedora_2008_3392_perl_fc8.nasl
2009-02-17	Name : Fedora Update for perl FEDORA-2008-3399 File : nvt/gb_fedora_2008_3399_perl_fc7.nasl
2008-09-24	Name : Gentoo Security Advisory GLSA 200711-28 (perl) File : nvt/glsa_200711_28.nasl
2008-09-04	Name : FreeBSD Ports: perl, perl-threaded File : nvt/freebsd_perl2.nasl
2008-01-17	Name : Debian Security Advisory DSA 1400-1 (perl) File : nvt/deb_1400_1.nasl

Open Source Vulnerability Database (OSVDB)

Id	Description
40409	Perl Regular Expression Engine (regcomp.c) Polymorphic opcode Support UTF Reg...

Nessus® Vulnerability Scanner

Date	Description
2014-12-15	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-201412-11.nasl - Type : ACT_GATHER_INFO
2013-07-12	Name : The remote Oracle Linux host is missing one or more security updates. File : oraclelinux_ELSA-2007-0966.nasl - Type : ACT_GATHER_INFO
2013-01-30	Name : The remote AIX host is missing a security patch. File : aix_IZ10244.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071105_perl_on_SL5_x.nasl - Type : ACT_GATHER_INFO
2012-08-01	Name : The remote Scientific Linux host is missing one or more security updates. File : sl_20071105_perl_on_SL4_x.nasl - Type : ACT_GATHER_INFO
2009-09-24	Name : The remote SuSE 9 host is missing a security-related patch. File : suse9_11964.nasl - Type : ACT_GATHER_INFO
2009-07-27	Name : The remote VMware ESX host is missing one or more security-related patches. File : vmware_VMSA-2008-0001.nasl - Type : ACT_GATHER_INFO
2009-04-23	Name : The remote CentOS host is missing one or more security updates. File : centos_RHSA-2007-0966.nasl - Type : ACT_GATHER_INFO
2008-05-13	Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U815030.nasl - Type : ACT_GATHER_INFO
2008-05-01	Name : The remote Fedora host is missing a security update. File : fedora_2008-3399.nasl - Type : ACT_GATHER_INFO
2008-02-12	Name : The remote AIX host is missing a vendor-supplied security patch. File : aix_U814193.nasl - Type : ACT_GATHER_INFO
2007-12-18	Name : The remote host is missing a Mac OS X update that fixes various security issues. File : macosx_SecUpd2007-009.nasl - Type : ACT_GATHER_INFO
2007-12-13	Name : The remote SuSE 10 host is missing a security-related patch. File : suse_perl-4665.nasl - Type : ACT_GATHER_INFO
2007-12-07	Name : The remote Ubuntu host is missing one or more security-related patches. File : ubuntu_USN-552-1.nasl - Type : ACT_GATHER_INFO
2007-12-04	Name : The remote Fedora Core host is missing a security update. File : fedora_2007-748.nasl - Type : ACT_GATHER_INFO
2007-11-20	Name : The remote Gentoo host is missing one or more security-related patches. File : gentoo_GLSA-200711-28.nasl - Type : ACT_GATHER_INFO
2007-11-20	Name : The remote openSUSE host is missing a security update. File : suse_perl-4675.nasl - Type : ACT_GATHER_INFO
2007-11-14	Name : The remote Fedora host is missing a security update. File : fedora_2007-3255.nasl - Type : ACT_GATHER_INFO
2007-11-14	Name : The remote Fedora host is missing a security update. File : fedora_2007-3218.nasl - Type : ACT_GATHER_INFO
2007-11-07	Name : The remote FreeBSD host is missing one or more security-related updates. File : freebsd_pkg_5b47c2798cb511dc88780016179b2dd5.nasl - Type : ACT_GATHER_INFO
2007-11-07	Name : The remote Debian host is missing a security-related update. File : debian_DSA-1400.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Mandrake Linux host is missing one or more security updates. File : mandrake_MDKSA-2007-207.nasl - Type : ACT_GATHER_INFO
2007-11-06	Name : The remote Red Hat host is missing one or more security updates. File : redhat-RHSA-2007-0966.nasl - Type : ACT_GATHER_INFO